R: Eap-Tls Problem

Matteo Lazzarini mlazzarini at crema.unimi.it
Wed Aug 23 15:39:36 CEST 2006


Michael Joosten wrote:

> Matteo Lazzarini wrote:
>
>> Matteo Lazzarini wrote:
>>
>> I am continuing to make various tests but I do not resolve the 
>> problem… nobody has ideas/help?
>> - List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/devel.html
>>
> I don't know (never tried, no opportunity) how WEP, client PC and AAA 
> server deal out the WLAN secrets, but from my logfiles using PPP as 
> NAS on both sides it still looks like what Stefan Winter said:
>
> We have too large EAP packets, an incoming request containing the TLS 
> Client Hello, Certificates, Cipherlist etc, and Radius replies with a 
> similar long one containing the TLS Server Hello, Certificates, 
> Cipherlist, etc, and the TLS request for a key exchange, I'd guess.
> From then on, either the XP client or the DLINK AP just choked.
>
> Thus, I'd recommend to look now more on the client side:
> 1) Event/Security/... logs in XP
> 2) Logging on the AP? There must be means to get some status/syslog 
> messages/whatever from the device, isn't it?
> 3) Use Ethereal/WinPCAP on the XP client and do a capture of the WLAN 
> interface. Verrry nice, it's even able to dissect all the TLS 
> handshake conversation (to make sure that the right certificates are 
> exchanged) and, if used to sniff on the RADIUS port, can also combine 
> the EAP message fragments in the RADIUS attributes.
>
> OTOH, the French guideline is a little old by now, so I'd consider 
> installing a super-recent version of openssl as rather harmful than 
> necessary.
>
> Ciao, Michael
>
Thanks, I will do as you have said…
I will try to analyze what is travelling over the WLAN!
For FreeRADIUS I have installed the latest version available (1.1.2, which 
seems to work!), but I know that there is also an August SNAPSHOT version; 
it gave me problems when compiling and did not install the EAP-TLS module 
for me (Debian bug).
I installed the libraries with the command apt-get install openssl 
libssl-dev, and this is the output of the command dpkg -l | grep ssl

ii  libflac++5c2         1.1.2-1ubuntu2       Free Lossless Audio Codec - C++ runtime libr
ii  libflac7             1.1.2-1ubuntu2       Free Lossless Audio Codec - runtime C librar
ii  liboggflac3          1.1.2-1ubuntu2       Free Lossless Audio Codec - runtime C librar
ii  libssl-dev           0.9.7g-1ubuntu1.1    SSL development libraries, header files and
ii  libssl0.9.7          0.9.7g-1ubuntu1.1    SSL shared libraries
ii  libwww-ssl0          5.4.0-9ubuntu0.5.10  The W3C-WWW library (SSL support)
ii  openssl              0.9.7g-1ubuntu1.1    Secure Socket Layer (SSL) binary and related
ii  python-pyopenssl     0.6-2ubuntu1         Python wrapper around the OpenSSL library (d
ii  python2.4-pyopenssl  0.6-2ubuntu1         Python wrapper around the OpenSSL library, e
ii  ssl-cert             1.0-11               Simple debconf wrapper for openssl

On the OpenSSL site many versions can be downloaded, such as 0.9.7a-x, 
0.9.8a-x, etc.
Which is the correct version?
Can someone give me information about which FreeRADIUS version goes 
with which OpenSSL version?

Thanks in advance

Matteo
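
The fragmentation discussed in the quoted reply can be checked offline on one captured RADIUS packet. The following is an added example, not part of the original thread or of FreeRADIUS: it concatenates the EAP-Message attributes of a RADIUS packet and decodes the EAP-TLS flags byte (L, M, S bits). The function names and the sample packet are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79    # RADIUS attribute type that carries EAP data
EAP_TYPE_TLS = 13   # EAP method type for EAP-TLS

def eap_from_radius(packet: bytes) -> bytes:
    """Concatenate, in order, every EAP-Message attribute of one RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad or truncated RADIUS header")
    eap, pos = b"", 20              # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap

def describe_eap_tls(eap: bytes) -> dict:
    """Decode the EAP header and the EAP-TLS flags byte of a reassembled packet."""
    if len(eap) < 6:
        raise ValueError("too short for EAP-TLS")
    _code, ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if length != len(eap):
        raise ValueError("EAP length mismatch: an EAP-Message attribute is missing")
    if etype != EAP_TYPE_TLS:
        raise ValueError("not EAP-TLS")
    flags, offset, total = eap[5], 6, None
    if flags & 0x80:                # L bit: 4-byte total TLS message length follows
        if len(eap) < 10:
            raise ValueError("L bit set but length field missing")
        total, offset = struct.unpack("!I", eap[6:10])[0], 10
    return {"eap_id": ident, "eap_len": length, "tls_total": total,
            "tls_bytes_here": length - offset, "start": bool(flags & 0x20),
            "more_fragments": bool(flags & 0x40)}   # M bit: more fragments follow

def build_sample() -> bytes:
    """Constructed Access-Challenge: first 600 bytes of a 2500-byte TLS flight."""
    eap = struct.pack("!BBHBBI", 1, 2, 610, EAP_TYPE_TLS, 0xC0, 2500) + bytes(600)
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]  # 253 = max value size
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", 11, 7, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(describe_eap_tls(eap_from_radius(build_sample())))
```

A packet with the M bit set must be answered by an empty EAP-TLS acknowledgement from the peer before the next fragment is sent; a capture where that acknowledgement never appears points at the client or the access point rather than the RADIUS server.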


