Hi folks
I'm new here and I'm trying to configure Radius for
my home wireless network. I use RADIUS on fedora core 4, my AP is WRT54G and
clients are on WindowsXp sp2.
rlm_eap_tls: Length Included
Wed Dec 28
15:41:18 2005 : Error: TLS_accept:error in SSLv3 read
client certificate A
Wed Dec 28 15:41:19 2005 : Info: rlm_eap_tls:
Length Included
Wed Dec 28 15:41:19 2005 : Error: --> verify
error:num=20:unable to get local issuer certificate
Wed Dec 28 15:41:19 2005
: Error: TLS Alert write:fatal:unknown CA
Wed Dec 28 15:41:19 2005 :
Error: TLS_accept:error in SSLv3 read client certificate
B
Wed Dec 28 15:41:19 2005 : Error: rlm_eap_tls: SSL_read failed in a system
cal
When I try to do radiusd -X -A I get
Starting - reading configuration files
...
reread_config: reading radiusd.conf
Config:
including file: /usr/local/etc/raddb/proxy.conf
Config: including
file: /usr/local/etc/raddb/clients.conf
Config: including file:
/usr/local/etc/raddb/snmp.conf
Config: including file:
/usr/local/etc/raddb/eap.conf
Config: including file:
/usr/local/etc/raddb/sql.conf
main: prefix =
"/usr/local"
main: localstatedir = "/usr/local/var"
main:
logdir = "/usr/local/var/log/radius"
main: libdir =
"/usr/local/lib"
main: radacctdir =
"/usr/local/var/log/radius/radacct"
main: hostname_lookups =
no
main: max_request_time = 30
main: cleanup_delay =
5
main: max_requests = 1024
main: delete_blocked_requests =
0
main: port = 0
main: allow_core_dumps = no
main:
log_stripped_names = no
main: log_file =
"/usr/local/var/log/radius/radius.log"
main: log_auth =
no
main: log_auth_badpass = no
main: log_auth_goodpass =
no
main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
main: user =
"nobody"
main: group = "nobody"
main: usercollide =
no
main: lower_user = "no"
main: lower_pass =
"no"
main: nospace_user = "no"
main: nospace_pass =
"no"
main: checkrad = "/usr/local/sbin/checkrad"
main:
proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count
= 3
proxy: synchronous = no
proxy: default_fallback =
yes
proxy: dead_time = 120
proxy: post_proxy_authorize =
yes
proxy: wake_all_if_all_dead = no
security: max_attributes
= 200
security: reject_delay = 1
security: status_server =
no
main: debug_level = 0
read_config_files: reading
dictionary
read_config_files: reading naslist
Using deprecated
naslist file. Support for this will go away
soon.
read_config_files: reading clients
read_config_files:
reading realms
radiusd: entering modules setup
Module: Library
search path is /usr/local/lib
Module: Loaded exec
exec: wait =
yes
exec: program = "(null)"
exec: input_pairs =
"request"
exec: output_pairs = "(null)"
exec: packet_type =
"(null)"
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded
expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap:
encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded
CHAP
Module: Instantiated chap (chap)
Module: Loaded
MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption =
no
mschap: require_strong = no
mschap: with_ntdomain_hack =
no
mschap: passwd = "(null)"
mschap: authtype =
"MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap
(mschap)
Module: Loaded System
unix: cache = no
unix:
passwd = "(null)"
unix: shadow = "(null)"
unix: group =
"(null)"
unix: radwtmp =
"/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix:
cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded
eap
eap: default_eap_type = "tls"
eap: timer_expire =
60
eap: ignore_unknown_eap_types = no
eap:
cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type
md5
rlm_eap: Loaded and initialized type leap
gtc: challenge =
"Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized
type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange =
yes
tls: rsa_key_length = 512
tls: dh_key_length =
512
tls: verify_depth = 0
tls: CA_path =
"(null)"
tls: pem_file_type = yes
tls: private_key_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
tls: certificate_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
tls: CA_file =
"/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls:
private_key_password = "adam01"
tls: dh_file =
"/usr/local/etc/raddb/certs/dh"
tls: random_file =
"/usr/local/etc/raddb/certs/random"
tls: fragment_size =
1024
tls: include_length = yes
tls: check_crl =
no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized
type tls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and
initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded
preprocess
preprocess: huntgroups =
"/usr/local/etc/raddb/huntgroups"
preprocess: hints =
"/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack =
no
preprocess: ascend_channels_per_line = 23
preprocess:
with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack =
no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated
preprocess (preprocess)
Module: Loaded realm
realm: format =
"suffix"
realm: delimiter = "@"
realm: ignore_default =
no
realm: ignore_null = no
Module: Instantiated realm
(suffix)
Module: Loaded files
files: usersfile =
"/usr/local/etc/raddb/users"
files: acctusersfile =
"/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module:
Instantiated files (files)
Module: Loaded
Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique
(acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail:
detailperm = 384
detail: dirperm = 493
detail: locking =
no
Module: Instantiated detail (detail)
Module: Loaded
radutmp
radutmp: filename =
"/usr/local/var/log/radius/radutmp"
radutmp: username =
"%{User-Name}"
radutmp: case_sensitive = yes
radutmp:
check_with_nas = yes
radutmp: perm = 384
radutmp: callerid =
yes
Module: Instantiated radutmp (radutmp)
Listening on authentication
*:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready
to process requests.
And now nothing is happen.
So if you now how please help me