On 04/18/2012 10:00 AM, Sudhir Harwalkar wrote:

> How to configure the client to trust the CA certificate?

That depends on the client. What you wrote below sounds correct.

> What I did was, converted CA, Client and Client Pvt key to hex value because
> in our code we are giving as hex code.

Ok.

> Using this I run the radius server using TLS config file it's showing
> continuously as Challenge.

What does the client log show? The client log should show why it is not
responding to the Challenge Radiator sends.

Heikki

> Regards
> Sudhir H
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Heikki Vatiainen
> Sent: Monday, April 16, 2012 2:39 PM
> To: [email protected]
> Subject: Re: [RADIATOR] FW: FW: RADIATOR: EAP-FAST-MSCHAPv2
>
> On 04/16/2012 11:12 AM, Sudhir Harwalkar wrote:
>
>> 1. Please guide me how to keep PACs in memory, what are all the changes need
>> to make in config files.
>
> You need to change the Handler for outer EAP-FAST authentication to use
> AuthBy SQL. See goodies/sql.cfg and look for CreateEAPFastPACQuery and
> GetEAPFastPACQuery.
>
> For definition of the single table that is needed, see
> goodies/mysqlCreate.sql. The table is EAPFAST_PAC.
>
> MySQL is not required, it is just used for an example. You could try SQLite
> for a simple file based DB. http://www.sqlite.org/download.html
>
> You can keep all EAPTLS_* settings the same as they are now when setting up
> AuthBy SQL.
>
>> 2. I tried to authenticate with the EAP-TLS, as I was seen Access challenge
>> message only and I haven't found any error in that case, please find the
>> log, and config files for this.
>
> The log shows two different messages:
> 1. EAP Identity from your client
> 2. EAP-TLS start from Radiator
>
> The client then resends the identity. Check the client settings. It seems not
> to accept EAP-TLS or is otherwise incorrectly configured. Note that at some
> point you need to configure the client to trust the CA certificate in
> certificates/demoCA/cacert.pem
>
> Thanks!
> Heikki
>
>
>> Regards
>> Sudhir H
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Heikki Vatiainen
>> Sent: Friday, April 13, 2012 6:00 PM
>> To: [email protected]
>> Subject: Re: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>>
>> On 04/12/2012 04:14 PM, Sudhir Harwalkar wrote:
>>
>>> 1. Whenever I flash the new code to the device it's generating new PAC key
>>> at that time it's getting authenticate with the server,
>>> If PACs are gone after a restart, but our device generating the same
>>> and send to the server so it should authenticate, why that's not happening
>>> here.
>>
>> If the server has lost its PACs, the client PAC are useless. It is the
>> server that decides if the PAC is valid. If the server refuses the PAC
>> client sends, then a new PAC needs to be provisioned to the client. That is
>> my take to how this should work.
>>
>>> 2. For EAP-TLS I took CA Certificate from
>>> C:\Radiator\Radiator-Locked-4.9\certificates\demoCA \cacert.pem and for
>>> Client I used C:\Radiator\Radiator-Locked-4.9\certificates\ cert-clt.pem is
>>> these are the correct files that I am using.
>>
>> Yes. See goodies/eap_tls.cfg for an example of EAP-TLS configuration.
>>
>> Heikki
>>
>>
>>> Sudhir H
>>>
>>> -----Original Message-----
>>> From: Heikki Vatiainen [mailto:[email protected]]
>>> Sent: Thursday, April 12, 2012 2:52 PM
>>> To: Sudhir Harwalkar
>>> Subject: Re: FW: [RADIATOR] FW: RADIATOR: EAP-FAST-MSCHAPv2
>>>
>>> On 04/12/2012 09:25 AM, Sudhir Harwalkar wrote:
>>>
>>>> Thanks for helping me Heikki, when I flash the new code, then start the
>>>> radius server it's working fine after that I restarted the radius server
>>>> and power on the device then it's not authenticated.
>>>> Again I flash the code and verified working fine.
>>>
>>> Ok. Good to hear it works.
>>>
>>>> Problem arises only if I restart the radius server.
>>>> This should not happen right.
>>>
>>> By default Radiator keeps PACs in memory and they are gone after a restart.
>>> There is a possibility to keep them in SQL so that they survive across
>>> reboots.
>>>
>>> Heikki
>>>
>>>
>>> Larsen & Toubro Limited
>>>
>>> www.larsentoubro.com
>>>
>>> This Email may contain confidential or privileged information for the
>>> intended recipient (s) If you are not the intended recipient, please do not
>>> use or disseminate the information, notify the sender and delete it from
>>> your system.
>>> _______________________________________________
>>> radiator mailing list
>>> [email protected]
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>> --
>> Heikki Vatiainen <[email protected]>
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc.
>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

--
Heikki Vatiainen <[email protected]>
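
Added example, not part of the original thread and not Radiator code: a small checker for the symptom diagnosed above, where the server sends EAP-TLS Start and the client answers with Identity again instead of continuing. It assumes the EAP-Message payloads have already been extracted from a debug log or capture as hex strings; the trace below is constructed for illustration.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 43: "EAP-FAST"}
TLS_START = 0x20  # S bit of the EAP-TLS flags octet (RFC 5216)

# Constructed trace (hex EAP-Message payloads), not taken from the thread's log:
# Identity response, EAP-TLS Start request, then the same Identity again.
STALLED = ["0201000c0164657669636531", "010200060d20", "0203000c0164657669636531"]

def parse_eap(hex_msg):
    """Decode one EAP packet (RFC 3748 header) from a hex string."""
    raw = bytes.fromhex(hex_msg)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": CODES.get(code, code), "id": ident, "type": None,
           "data": b"", "start": False}
    if code in (1, 2) and length >= 5:  # only Request/Response carry a Type
        pkt["type"] = TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:length]
        if raw[4] == 13 and pkt["data"]:
            pkt["start"] = bool(pkt["data"][0] & TLS_START)
    return pkt

def diagnose(trace):
    """Report how the client reacted to the server's EAP-TLS Start."""
    pkts = [parse_eap(h) for h in trace]
    for i, p in enumerate(pkts):
        if not (p["code"] == "Request" and p["type"] == "EAP-TLS" and p["start"]):
            continue
        replies = [q for q in pkts[i + 1:] if q["code"] == "Response"]
        if not replies:
            return "no reply to EAP-TLS Start"
        reply = replies[0]
        if reply["type"] == "EAP-TLS":
            return "client started the TLS handshake"
        if reply["type"] == "Nak":
            wanted = [TYPES.get(b, b) for b in reply["data"]]
            return f"client refused EAP-TLS, wants {wanted}"
        if reply["type"] == "Identity":
            return "client re-sent Identity: EAP-TLS not accepted or misconfigured"
        return f"unexpected reply type {reply['type']}"
    return "server never sent EAP-TLS Start"

if __name__ == "__main__":
    print(diagnose(STALLED))
```

A Nak reply names the method the client wants instead, while a repeated Identity points at the client-side EAP-TLS settings, which is where the client log should be checked.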
