R: Eap-Tls Problem

Michael Joosten michael.joosten at c-lab.de
Wed Aug 23 17:15:37 CEST 2006

Matteo Lazzarini wrote:

>> Thus, I'd recommend to look now more on the client side:
>> 1) Event/Security/... logs in XP
>> 2) Logging on the AP? There must be means to get some status/syslog 
>> messages/whatever from the device, isn't it?
>> 3) Use Ethereal/WinPCAP on the XP client and do a capture of the WLAN 
>> interface. Verrry nice, it's even able to  dissect all the TLS 
>> handshake conversation (to make sure that the right certificates are 
>> exchanged) and, if used to sniff on the RADIUS port, can also combine 
>> the EAP message fragments in the RADIUS attributes.
>> OTOH, the french guideline is a little old by now, so I'd consider 
>> installing a super-recent version of openssl as rather harmful than 
>> necessary.
> Thanks I will make as you have said…
> I try to make an analysis of what turns in the WLAN!

Another idea would be to reduced&uncomment the fragment_size in eap.conf 
from 1024 (default) to, say, 700-800. This will change the output of the 
log file, as more RADIUS request and challenges are required. Unlikely 
that this is the reason, but still worth a try.

> Freeradius I have installed last version available (1.1.2 that it 
> seems to work!) but I know that there is also an August version 
> SNAPSHOT but to me it has given problems in compile and did not 
> install me module EAP-TLS (bug Debian). The lib I have installed to 
> them with the command apt-get install openssl libssl-dev and this is 
> the command dphg - l|grep SSL
I'm also using 0.9.7g. You can check which openssl libs a running 
freeradius process is using by looking at /proc/<pid of radiusd>/maps.

Good Luck, Michael

More information about the Freeradius-Devel mailing list