On 12/14/2011 11:52 AM, Röver, Christian wrote:

> thank you for your fast reply. I commented out the two lines you suggested.
> There is no difference to see in the logs.
> The stream server always gets disconnected when receiving a request..

Are the certificates still valid? You could do something like this to check the Validity:

openssl x509 -noout -text -in cert-srv.pem

If the certificates seem to be ok, please reply with your full configuration file (no secrets or passwords needed) and Trace 4 log file that shows everything from Radiator startup to these error messages.

Thanks!

> Wed Dec 14 09:57:44 2011: DEBUG: Creating StreamServer tcp port
> 127.0.0.1:2083
> Wed Dec 14 09:57:45 2011: DEBUG: Stream attempting tcp connection to
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS Client Started for
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: Stream attempting tcp connection to
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: Stream connected to xyz2.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS sessionInit for xyz2.toplevel.de
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS Client Started for
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: Finished reading configuration file
> 'C:\Program Files\Radiator\radius.cfg'
> Wed Dec 14 09:57:45 2011: DEBUG: Reading dictionary file
> 'C:/radius/radiator/dictionary'
> Wed Dec 14 09:57:45 2011: DEBUG: Reading dictionary file
> 'C:/radius/radiator/dictionary.cisco'
> Wed Dec 14 09:57:45 2011: DEBUG: Creating authentication port 0.0.0.0:1645
> Wed Dec 14 09:57:45 2011: DEBUG: Creating authentication port 0.0.0.0:1812
> Wed Dec 14 09:57:45 2011: NOTICE: Server started: Radiator 4.9 on roaming
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:45 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:45 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:46 2011: DEBUG: Stream attempting tcp connection to
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: Stream connected to xyz2.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS sessionInit for xyz2.toplevel.de
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS Client Started for
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: Stream attempting tcp connection to
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS Client Started for
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:47 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:47 2011: DEBUG: Stream disconnected from
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:47 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:47 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:47 2011: DEBUG: Stream disconnected from
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Stream attempting tcp connection to
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS Client Started for
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Stream attempting tcp connection to
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Stream connected to xyz2.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS sessionInit for xyz2.toplevel.de
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS Client Started for
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:48 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:48 2011: DEBUG: Stream disconnected from
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:48 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:48 2011: DEBUG: Stream disconnected from
> xyz2.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Packet dump:
> *** Received from x.x.x.222 port 1645 ....
> Code: Access-Request
> Identifier: 185
> Authentic: E<134><25>DgO<182><201>1<247><149><244><174><166>.<209>
> Attributes:
> User-Name = " [email protected]"
> Framed-MTU = 1400
> Called-Station-Id = "001e.4a8f.5290"
> Calling-Station-Id = "3cd0.f80a.c5db"
> Service-Type = Login
> Message-Authenticator =
> <243><254><249><158><160><208>E<182>u<1><240>Q$<184><186><26>
> EAP-Message = <2><1><0><24><1>[email protected]
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 61565
> NAS-Port-Id = "61565"
> NAS-IP-Address = x.x.x.222
> NAS-Identifier = "apx.x.x.222"
>
> Wed Dec 14 09:57:48 2011: DEBUG: Handling request with Handler
> 'Realm=DEFAULT', Identifier ''
> Wed Dec 14 09:57:48 2011: DEBUG: Deleting session for
> [email protected], x.x.x.222, 61565
> Wed Dec 14 09:57:48 2011: DEBUG: Handling with Radius::AuthRADSEC
> Wed Dec 14 09:57:48 2011: DEBUG: Stream attempting tcp connection to
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Stream connected to xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS sessionInit for xyz1.toplevel.de
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4384
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS Client Started for
> xyz1.toplevel.de:2083
> Wed Dec 14 09:57:48 2011: DEBUG: Packet dump:
> *** Sending request to RadSec xyz1.toplevel.de:2083 ....
> Code: Access-Request
> Identifier: 1
> Authentic: E<134><25>DgO<182><201>1<247><149><244><174><166>.<209>
> Attributes:
> User-Name = " [email protected]"
> Framed-MTU = 1400
> Called-Station-Id = "001e.4a8f.5290"
> Calling-Station-Id = "3cd0.f80a.c5db"
> Service-Type = Login
> Message-Authenticator =
> <243><254><249><158><160><208>E<182>u<1><240>Q$<184><186><26>
> EAP-Message = <2><1><0><24><1>[email protected]
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Port = 61565
> NAS-Port-Id = "61565"
> NAS-IP-Address = x.x.x.222
> NAS-Identifier = "apx.x.x.222"
> Proxy-State = OSC-Extended-Id=1
>
> Wed Dec 14 09:57:48 2011: DEBUG: AuthBy RADSEC result: IGNORE,
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 2, 4400
> Wed Dec 14 09:57:48 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Wed Dec 14 09:57:48 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
>
> Wed Dec 14 09:57:48 2011: DEBUG: Stream disconnected from
> xyz1.toplevel.de:2083
>
>
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://www.open.com.au/mailman/listinfo/radiator

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
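
Added example (not part of the original message and not Radiator code): a small triage script that reads a Trace 4 log like the one quoted above and counts StreamTLS client errors per RadSec peer, splitting the OpenSSL error string into its function and reason fields. The peer names and sample lines are constructed, and the rule that an ERR record belongs to the next "Stream disconnected from" record is an assumption taken from the ordering in the quoted trace.

```python
import re
from collections import Counter

# Constructed sample modelled on the quoted Trace 4 output: hypothetical peer
# names, and each record assumed to sit on one line (the mail client wrapped them).
ERR = ("Wed Dec 14 09:57:45 2011: ERR: StreamTLS client error: -1, 1, 4401, 1768: 1 - "
       "error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed")
SAMPLE_LOG = "\n".join([
    "Wed Dec 14 09:57:45 2011: DEBUG: Stream connected to peer1.example.org:2083",
    "Wed Dec 14 09:57:45 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401",
    ERR,
    "Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from peer1.example.org:2083",
    ERR,
    "Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from peer2.example.org:2083",
    ERR,
    "Wed Dec 14 09:57:45 2011: DEBUG: Stream disconnected from peer1.example.org:2083",
    ERR,  # log ends before the matching disconnect record
])

# OpenSSL 1.x error string layout: error:<hex code>:<library>:<function>:<reason>
ERR_RE = re.compile(r"ERR: StreamTLS client error: .*?error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")
DISC_RE = re.compile(r"DEBUG: Stream disconnected from (\S+)\s*$")
UNKNOWN = "<unknown peer>"

def tls_failures_by_peer(log_text):
    """Count StreamTLS client errors per (peer, OpenSSL function, reason).

    Assumption taken from the ordering in the quoted trace: the ERR record does
    not name the peer, so it is attributed to the next 'Stream disconnected from'.
    """
    failures = Counter()
    pending = None  # (function, reason) of an ERR still waiting for its peer
    for line in log_text.splitlines():
        err = ERR_RE.search(line)
        disc = DISC_RE.search(line)
        if err:
            if pending:  # two ERRs in a row: the first never got a peer
                failures[(UNKNOWN, *pending)] += 1
            pending = (err.group(3), err.group(4).strip())
        elif disc and pending:
            failures[(disc.group(1), *pending)] += 1
            pending = None
    if pending:
        failures[(UNKNOWN, *pending)] += 1
    return failures

if __name__ == "__main__":
    for (peer, func, reason), n in sorted(tls_failures_by_peer(SAMPLE_LOG).items()):
        print(f"{n:3d}  {peer:28s} {func}: {reason}")
```

A peer that only ever shows SSL3_GET_SERVER_CERTIFICATE / certificate verify failed is one whose server certificate the local client rejected, which is the case the validity check above is meant to narrow down.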
