Hi all, I'm having some strange behaviour with Wireless EAP-TLS authentication. I use Radiator 3.3.1 with patches of about 10 days ago. I present a certificate from a trusted CA to the server, but with a name unknown to it, but radius accepts authentication.
Any hints on this? Thanks

--
Denis Pavani
CINECA - Comunicazioni e Sistemi Distribuiti
phone: +39 0516171411 / fax: +39 0516132198
http://www.cineca.it

"We are paid to adapt, improvise and achieve the goal" -- Gunny Highway
Foreground
LogStdout
LogDir ./logs
DbDir .
Trace 4
DictionaryFile ./dictionary
<AuthLog FILE>
Identifier myauthlogger
Filename %L/authlog
LogSuccess 1
LogFailure 1
</AuthLog>
<Client 192.168.18.7>
Secret FakeKey
DupInterval 0
IgnoreAcctSignature
</Client>
<Handler NAS-IP-Address = /192\.168\.18\./>
<AuthBy FILE>
Filename ./users
# EAPType sets the default EAP type that Radiator will
# ask for when it receives an identity request
# Options are: MD5-Challenge, One-Time-Password
# Generic-Token, TLS.
EAPType TLS
# EAPTLS_CAFile is the name of a file of CA certificates
# in PEM format. The file can contain several CA certificates
# Radiator will first look in EAPTLS_CAFile then in
# EAPTLS_CAPath, so there usually is no need to set both
EAPTLS_CAFile /usr/local/radius/certs/root.pem
# EAPTLS_CAPath is the name of a directory containing CA
# certificates in PEM format. The files each contain one
# CA certificate. The files are looked up by the CA
# subject name hash value
# EAPTLS_CAPath /usr/local/ssl/alterCA
# EAPTLS_CertificateFile is the name of a file containing
# the server's certificate. EAPTLS_CertificateType
# specifies the type of the file. Can be PEM or ASN1
# defaults to ASN1
EAPTLS_CertificateFile /usr/local/radius/certs/cert-srv.pem
EAPTLS_CertificateType PEM
# EAPTLS_PrivateKeyFile is the name of the file containing
# the server's private key. It is sometimes in the same file
# as the server certificate (EAPTLS_CertificateFile)
# If the private key is encrypted (usually the case)
# then EAPTLS_PrivateKeyPassword is the key to decrypt it
EAPTLS_PrivateKeyFile /usr/local/radius/certs/cert-srv.pem
EAPTLS_PrivateKeyPassword radiusd
# EAPTLS_RandomFile is an optional file containing
# randomness
# EAPTLS_RandomFile /usr/local/ssl/certs/random
# EAPTLS_MaxFragmentSize sets the maximum TLS fragment
# size that will be replied by Radiator. It must be small
# enough to fit in a single Radius request (ie less than 4096)
# and still leave enough space for other attributes
# Aironet APs seem to need a smaller MaxFragmentSize
# (eg 1024) than the default of 2048
EAPTLS_MaxFragmentSize 1024
# EAPTLS_DHFile if set specifies the DH group file. It
# may be required if you need to use ephemeral DH keys.
# EAPTLS_DHFile /home/dpavani/dh
</AuthBy>
AuthLog myauthlogger
</Handler>
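
The post turns on two separate checks: whether a client certificate chains to a trusted CA, and whether the name in it is one the server knows. The script below is an added example, not part of the original post and not Radiator's own code, that runs both checks with the openssl CLI on a throwaway CA; the CNs alice and carol, the one-line users list (a simplified format, first field only) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The CA, the CNs (alice, carol) and the users list are constructed.
set -eu

# check_client CERT CAFILE USERS: prints accept:<cn> only if both checks pass.
check_client() {
    cert=$1; ca=$2; users=$3
    # Check 1: chain validation. Every certificate the CA ever issued passes.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "reject:chain"; return 0
    fi
    # Check 2: authorization. Take the subject CN and require an exact match
    # on the first field of a line in the users list (simplified format).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    if [ -n "$cn" ] && CN=$cn awk '$1 == ENVIRON["CN"] { ok = 1 } END { exit !ok }' "$users"
    then echo "accept:$cn"
    else echo "reject:unknown-name:$cn"
    fi
}

# make_demo: builds a throwaway CA, two CA-issued client certificates and one
# self-signed certificate that claims a listed name; prints the directory.
make_demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for name in alice carol; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$name.pem" 2>/dev/null
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=alice" \
        -keyout "$d/rogue.key" -out "$d/rogue.pem" 2>/dev/null
    printf 'alice\n' > "$d/users"    # only alice is a known user
    echo "$d"
}

demo=$(make_demo)
check_client "$demo/alice.pem" "$demo/ca.pem" "$demo/users"  # listed name, trusted chain
check_client "$demo/carol.pem" "$demo/ca.pem" "$demo/users"  # trusted chain, unknown name
check_client "$demo/rogue.pem" "$demo/ca.pem" "$demo/users"  # listed name, untrusted chain
rm -rf "$demo"
```

The carol case is the one the post describes: the chain check alone succeeds, so acceptance or rejection depends entirely on whether the name lookup is performed.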