[RADIATOR] RADSEC issue on Windows Server 2019
Heikki Vatiainen
hvn at open.com.au
Mon Oct 21 12:10:44 UTC 2019
On 17/10/2019 15.28, l.m.c.haverkotte at utwente.nl wrote:
> After adding the very simple barebones ServerRADSEC clause shown below
> to my configuration:
It's a bit too simple: add TLS_CAFile or TLS_CAPath too. What is missing
is the information about which client certificates the server side
should trust.
> <ServerRADSEC>
> Identifier UT-Backend-RADSEC
> Port 2083
> Protocol tcp
> Secret SomethingVerySecret
>
> UseTLS
>
> TLS_Protocols TLSv1.1,TLSv1.2
> TLS_CertificateType PEM
> TLS_CertificateFile %D/certs/cert.pem
> TLS_PrivateKeyFile %D/certs/key.pem
>
> TLS_Ciphers DEFAULT
> </ServerRADSEC>
>
> Radiator logs the following errors on startup:
> ERR: StreamTLS could not load_verify_locations , : 4100: 1 -
The log above prints the value of TLS_CAFile, TLS_CAPath. See
goodies/radsec-server.cfg for a configuration sample. The sample uses
TLS_CAFile to specify which CA certificates the server side should trust.
It's ok to specify only one of the parameters, but both cannot be
undefined.
For more information about the OpenSSL library call Radiator does, see
SSL_CTX_load_verify_locations documentation here:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_load_verify_locations.html
> error:25078067:DSO support routines:win32_load:could not load the shared
> library
> 00000000 4100: 2 - error:25070067:DSO support routines:DSO_load:could
> not load the shared library
> 00000000 4100: 3 - error:260B6084:engine routines:dynamic_load:dso not
> found
> 00000000 4100: 4 - error:2606A074:engine routines:ENGINE_by_id:no such
> engine
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
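
A pre-start check for the condition described in this message, as an added example that is not part of the original post and is not Radiator code: it scans a configuration for ServerRADSEC clauses that set UseTLS but define neither TLS_CAFile nor TLS_CAPath. The sample text, the ca.pem path and the function names are constructed for illustration, and the line-based parsing is an assumption about the file layout.

```python
import re

# Constructed sample: the clause from the post plus a second clause with a CA file.
SAMPLE_CFG = """\
<ServerRADSEC>
    Identifier UT-Backend-RADSEC
    Port 2083
    Protocol tcp
    UseTLS
    TLS_CertificateFile %D/certs/cert.pem
    TLS_PrivateKeyFile %D/certs/key.pem
</ServerRADSEC>
<ServerRADSEC>
    Identifier With-CA
    UseTLS
    # TLS_CAPath is commented out here, TLS_CAFile alone is enough
    TLS_CAFile %D/certs/ca.pem
</ServerRADSEC>
"""

CLAUSE_RE = re.compile(r"<ServerRADSEC>(.*?)</ServerRADSEC>", re.S)

def parse_clause(body):
    """Return {parameter: value} for one clause body, skipping comments and blanks."""
    params = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        params[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return params

def clauses_missing_ca(cfg_text):
    """List Identifiers of ServerRADSEC clauses that use TLS without a CA source."""
    missing = []
    for index, match in enumerate(CLAUSE_RE.finditer(cfg_text), start=1):
        params = parse_clause(match.group(1))
        # Assumption: the presence of the UseTLS line means TLS is enabled.
        if "UseTLS" not in params:
            continue
        # A parameter with an empty value is treated the same as an undefined one.
        if not (params.get("TLS_CAFile") or params.get("TLS_CAPath")):
            missing.append(params.get("Identifier", f"clause #{index}"))
    return missing

if __name__ == "__main__":
    for ident in clauses_missing_ca(SAMPLE_CFG):
        print(f"{ident}: UseTLS set but neither TLS_CAFile nor TLS_CAPath defined")
```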