EAP TLS: Receiving unexpected Tunneled Data

2004-10-19 Thread Beekmann (EXT), Lars

Hi,

I'm using FreeRADIUS v1.0.1 on SuSE Linux 9.1 with
EAP-TLS for authentication.

After installing new certs, created with my own scripts, I get
the message "Receiving unexpected Tunneled Data".

Does anyone have a clue what went wrong?!

THX

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec 
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = tls
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /usr/local/etc/raddb/certs/server.pem
 tls: certificate_file = /usr/local/etc/raddb/certs/server.pem
 tls: CA_file = /usr/local/etc/raddb/certs/root.pem
 tls: private_key_password = x_beekma_ext
 tls: dh_file = /usr/local/etc/raddb/certs/dh
 tls: random_file = /usr/local/etc/raddb/certs/random
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = (null)
rlm_eap: Loaded and initialized type tls
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, 
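
One thing in the dump above that a practitioner would want to catch before posting it: `private_key_password = x_beekma_ext` is the passphrase protecting the server's private key, echoed in the clear by `radiusd -X` along with every other configuration item. Once it has gone to a mailing list it should be treated as disclosed and the key re-encrypted under a new one. What follows is an added example, not from the original post and not part of FreeRADIUS: a small shell filter that lists which secret-bearing configuration items in a debug dump actually carry a value, and redacts them before the dump is shared. The sample lines it runs on are constructed (modelled on the dump above) and the passphrase in them is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post or from FreeRADIUS:
# scrub `radiusd -X` output before pasting it anywhere. The debug dump
# prints every configuration item, private_key_password included, in
# clear text.
set -eu

# Key names that carry a credential, matched as a substring of the key
# name: private_key_password, shared_secret and password all qualify.
# "passwd" deliberately does not, because in rlm_unix and rlm_mschap it
# names a file, not a secret.
SECRET_RE='[A-Za-z0-9_]*(secret|password)[A-Za-z0-9_]*'

# Read a debug dump on stdin and print, once each, the names of secret
# keys whose value is actually set. "(null)" is an unset item and is skipped.
radius_debug_leaked_keys() {
    sed -nE "s/^[[:space:]]*[A-Za-z0-9_]+:[[:space:]]*(${SECRET_RE})[[:space:]]*=[[:space:]]*(.*)$/\1 \3/p" |
        awk '$2 != "(null)" && $2 != "" { print $1 }' |
        sort -u
}

# Read a debug dump on stdin and replace the value of every secret key with
# a marker. Module prefix and key name are kept so the dump stays readable.
radius_debug_redact() {
    sed -E "s/^([[:space:]]*[A-Za-z0-9_]+:[[:space:]]*(${SECRET_RE})[[:space:]]*=[[:space:]]*).*$/\1<redacted>/"
}

# Constructed sample, modelled on the lines of the dump in the post; the
# passphrase value is a placeholder, not the real one.
SAMPLE_DEBUG=' tls: private_key_file = /usr/local/etc/raddb/certs/server.pem
 tls: private_key_password = sample-passphrase
 mschap: passwd = (null)
 ldap: password = (null)
 main: log_file = /usr/local/var/log/radius/radius.log'

echo "secret-bearing keys that carry a value:"
printf '%s\n' "$SAMPLE_DEBUG" | radius_debug_leaked_keys
echo "redacted dump:"
printf '%s\n' "$SAMPLE_DEBUG" | radius_debug_redact
```

In practice the filter sits in the pipeline, e.g. `radiusd -X 2>&1 | radius_debug_redact > radiusd-debug.txt`, and `radius_debug_leaked_keys` run on the unfiltered file tells you which credentials you would have leaked and therefore need to rotate.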

EAP TLS login fails after creation of new certs

2004-10-18 Thread Beekmann (EXT), Lars

Hi,

I'm running a FreeRADIUS 1.0.1 server on SuSE
Linux 9.1 with EAP-TLS for authentication.

I have previously used the CA.all script to
generate the necessary certificates for test purposes.

Now I tried to write a script for creating the certs
myself, without obvious problems.

But after I installed the certs on the RADIUS server
and the Windows XP client, the client doesn't
log in anymore.

Can anyone tell me what I've done wrong with
the certs?!

Big THX to you all.

Script for Root Cert

#!/bin/sh
set -e
Pass=XXX  # passphrase for the private key

# -des3 matters: without a cipher option genrsa ignores -passout and
# writes the key in the clear, so the -passin options below would go unused
openssl genrsa -des3 -out ./root.key -passout pass:${Pass} 1024

openssl req -new -key ./root.key -passin pass:${Pass} -out ./root.req

# no -extfile: the certificate is emitted without any X.509v3 extensions
# (no basicConstraints CA:TRUE, no keyUsage)
openssl x509 -req -days 365 -in ./root.req -signkey ./root.key \
    -passin pass:${Pass} -out ./root.cert

openssl pkcs12 -export -in ./root.cert -passin pass:${Pass} \
    -passout pass:${Pass} -inkey ./root.key -out ./root.p12

openssl pkcs12 -in ./root.p12 -out ./root.pem \
    -passin pass:${Pass} -passout pass:${Pass}

openssl x509 -inform PEM -outform DER -in ./root.pem -out ./root.der

Script for Server Cert

#!/bin/sh
set -e
Pass=XXX  # passphrase for the private key

openssl genrsa -des3 -out ./server.key -passout pass:${Pass} 1024

openssl req -new -key ./server.key -passin pass:${Pass} -out ./server.req

# signed by the root; no -extfile, so no extendedKeyUsage is set
openssl x509 -req -days 365 -CA ./../Root/root.cert -CAkey ./../Root/root.key \
    -CAcreateserial -in ./server.req -out ./server.cert -passin pass:${Pass}

openssl pkcs12 -export -in ./server.cert -passin pass:${Pass} \
    -passout pass:${Pass} -inkey ./server.key -out ./server.p12

openssl pkcs12 -in ./server.p12 -out ./server.pem \
    -passin pass:${Pass} -passout pass:${Pass}

openssl x509 -inform PEM -outform DER -in ./server.pem -out ./server.der

Script for Client Cert

#!/bin/sh
set -e
Pass=XXX  # passphrase for the private key

openssl genrsa -des3 -out ./client.key -passout pass:${Pass} 1024

openssl req -new -key ./client.key -passin pass:${Pass} -out ./client.req

# signed by the root; no -extfile, so no extendedKeyUsage is set
openssl x509 -req -days 365 -CA ./../Root/root.cert -CAkey ./../Root/root.key \
    -CAcreateserial -in ./client.req -out ./client.cert -passin pass:${Pass}

openssl pkcs12 -export -in ./client.cert -passin pass:${Pass} \
    -passout pass:${Pass} -inkey ./client.key -out ./client.p12

openssl pkcs12 -in ./client.p12 -out ./client.pem \
    -passin pass:${Pass} -passout pass:${Pass}

openssl x509 -inform PEM -outform DER -in ./client.pem -out ./client.der
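
The scripts above call `openssl x509 -req` without an extension file, which yields certificates with no X.509v3 extensions at all: the root carries no `basicConstraints CA:TRUE`, and neither the server nor the client certificate carries an extendedKeyUsage. The Windows XP EAP-TLS supplicant requires the RADIUS server certificate to contain the serverAuth EKU (OID 1.3.6.1.5.5.7.3.1) and the user certificate the clientAuth EKU (1.3.6.1.5.5.7.3.2); this is exactly what the `xpextensions` file used by CA.all adds. The following is an added example, not the poster's scripts and not FreeRADIUS's CA.all: one script that builds the same three certificates with those extensions, bundles the encrypted server key and certificate into a single `server.pem` (the layout the `eap.conf` in the other post points at), and then runs the checks that make the difference visible. It also issues one certificate the way the scripts above do, for comparison. It assumes OpenSSL 1.1.1 or newer on PATH; the subject names, file names, config section names and the passphrase are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's scripts and not FreeRADIUS's CA.all:
# root CA + EAP-TLS server cert + client cert with the X.509v3 extensions
# that `openssl x509 -req` never adds by itself, and checks for them.
# Assumes OpenSSL 1.1.1+; names and passphrase below are placeholders.
set -eu

PASS='sample-passphrase'    # placeholder; protects all three private keys

# OpenSSL config: an empty DN section (subjects come from -subj) and one
# extension section per role. serverAuth/clientAuth are OpenSSL's names
# for the OIDs Windows XP insists on (the same ones xpextensions lists).
write_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca_ext ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
# serverAuth = 1.3.6.1.5.5.7.3.1
[ server_ext ]
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
# clientAuth = 1.3.6.1.5.5.7.3.2
[ client_ext ]
basicConstraints       = CA:FALSE
keyUsage               = digitalSignature, keyEncipherment
extendedKeyUsage       = clientAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF
}

# new_key FILE: 2048-bit RSA key encrypted under $PASS. Without a cipher
# option genrsa ignores -passout and writes the key in the clear.
new_key() { openssl genrsa -aes256 -passout "pass:$PASS" -out "$1" 2048; }

# new_csr KEY SUBJECT OUT
new_csr() { openssl req -new -config "$CNF" -key "$1" -passin "pass:$PASS" -subj "$2" -out "$3"; }

# sign_with_ca DIR CSR EXT_SECTION OUT: issue from DIR/root.crt + DIR/root.key
sign_with_ca() {
    openssl x509 -req -days 365 -in "$2" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -passin "pass:$PASS" -CAcreateserial -extfile "$CNF" -extensions "$3" -out "$4"
}

# make_pki DIR: build everything under DIR
make_pki() {
    CNF="$1/ext.cnf"
    write_config "$CNF"

    # Root: self-signed and marked CA:TRUE through the extension file.
    new_key "$1/root.key"
    new_csr "$1/root.key" '/CN=Example EAP-TLS Root CA' "$1/root.csr"
    openssl x509 -req -days 365 -in "$1/root.csr" -signkey "$1/root.key" \
        -passin "pass:$PASS" -extfile "$CNF" -extensions ca_ext -out "$1/root.crt"

    # Server: serverAuth EKU. server.pem = encrypted key + cert in one file,
    # matching private_key_file = certificate_file = server.pem in eap.conf
    # with private_key_password = $PASS.
    new_key "$1/server.key"
    new_csr "$1/server.key" '/CN=radius.example.net' "$1/server.csr"
    sign_with_ca "$1" "$1/server.csr" server_ext "$1/server.crt"
    cat "$1/server.key" "$1/server.crt" > "$1/server.pem"

    # Client: clientAuth EKU, bundled with the root for import on the supplicant.
    new_key "$1/client.key"
    new_csr "$1/client.key" '/CN=alice' "$1/client.csr"
    sign_with_ca "$1" "$1/client.csr" client_ext "$1/client.crt"
    openssl pkcs12 -export -in "$1/client.crt" -inkey "$1/client.key" -passin "pass:$PASS" \
        -certfile "$1/root.crt" -passout "pass:$PASS" -out "$1/client.p12"

    # For comparison, what the scripts in the post produce: x509 -req with
    # no -extfile, i.e. a certificate carrying no extensions at all.
    openssl x509 -req -days 365 -in "$1/server.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -passin "pass:$PASS" -CAcreateserial -out "$1/server-noext.crt"
}

# has_eku CERT NAME: yes/no, NAME as printed by `x509 -text`,
# e.g. "TLS Web Server Authentication"
has_eku() {
    if openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Extended Key Usage' | grep -q "$2"
    then echo yes; else echo no; fi
}

# verify_purpose CA CERT PURPOSE: yes/no; chain check plus OpenSSL's
# EKU/keyUsage rules for PURPOSE (sslserver, sslclient).
verify_purpose() {
    if openssl verify -purpose "$3" -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
    then echo yes; else echo no; fi
}

WORK=$(mktemp -d)
make_pki "$WORK"
for c in server client server-noext; do
    printf '%-13s serverAuth=%s clientAuth=%s  verify sslserver=%s sslclient=%s\n' "$c" \
        "$(has_eku "$WORK/$c.crt" 'TLS Web Server Authentication')" \
        "$(has_eku "$WORK/$c.crt" 'TLS Web Client Authentication')" \
        "$(verify_purpose "$WORK/root.crt" "$WORK/$c.crt" sslserver)" \
        "$(verify_purpose "$WORK/root.crt" "$WORK/$c.crt" sslclient)"
done
echo "output in $WORK"
```

Two things the output makes visible. First, the client certificate chains correctly but fails `verify -purpose sslserver`, because its EKU names only clientAuth; that is the check a TLS peer applies. Second, `server-noext.crt` passes both purposes in `openssl verify`, since to OpenSSL an absent EKU means "any purpose", yet `has_eku` reports no serverAuth for it; the XP supplicant is stricter than OpenSSL here and wants the extension present, which is why a certificate that looks fine to `openssl verify` can still be rejected by the client. If the PKCS#12 file is meant for a Windows release of that age, note that OpenSSL 3 encrypts PKCS#12 contents with AES and PBKDF2 by default, which such old importers cannot read; the `-legacy` option of `openssl pkcs12` in OpenSSL 3 restores the old algorithms.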