R: Eap-Tls Problem
Michael Joosten
michael.joosten at c-lab.de
Wed Aug 23 17:15:37 CEST 2006
Matteo Lazzarini wrote:
>>
>> Thus, I'd recommend to look now more on the client side:
>> 1) Event/Security/... logs in XP
>> 2) Logging on the AP? There must be means to get some status/syslog
>> messages/whatever from the device, isn't it?
>> 3) Use Ethereal/WinPCAP on the XP client and do a capture of the WLAN
>> interface. Verrry nice, it's even able to dissect all the TLS
>> handshake conversation (to make sure that the right certificates are
>> exchanged) and, if used to sniff on the RADIUS port, can also combine
>> the EAP message fragments in the RADIUS attributes.
>>
>> OTOH, the french guideline is a little old by now, so I'd consider
>> installing a super-recent version of openssl as rather harmful than
>> necessary.
>>
> Thanks I will make as you have said…
> I try to make an analysis of what turns in the WLAN!
Another idea would be to reduced&uncomment the fragment_size in eap.conf
from 1024 (default) to, say, 700-800. This will change the output of the
log file, as more RADIUS request and challenges are required. Unlikely
that this is the reason, but still worth a try.
> Freeradius I have installed last version available (1.1.2 that it
> seems to work!) but I know that there is also an August version
> SNAPSHOT but to me it has given problems in compile and did not
> install me module EAP-TLS (bug Debian). The lib I have installed to
> them with the command apt-get install openssl libssl-dev and this is
> the command dphg - l|grep SSL
>
I'm also using 0.9.7g. You can check which openssl libs a running
freeradius process is using by looking at /proc/<pid of radiusd>/maps.
Good Luck, Michael
More information about the Freeradius-Devel
mailing list