R: Eap-Tls Problem

Matteo Lazzarini mlazzarini at crema.unimi.it
Wed Aug 23 20:49:04 CEST 2006

Michael Joosten wrote:

> Matteo Lazzarini wrote:
>>> Thus, I'd recommend to look now more on the client side:
>>> 1) Event/Security/... logs in XP
>>> 2) Logging on the AP? There must be means to get some status/syslog 
>>> messages/whatever from the device, isn't it?
>>> 3) Use Ethereal/WinPCAP on the XP client and do a capture of the 
>>> WLAN interface. Verrry nice, it's even able to  dissect all the TLS 
>>> handshake conversation (to make sure that the right certificates are 
>>> exchanged) and, if used to sniff on the RADIUS port, can also 
>>> combine the EAP message fragments in the RADIUS attributes.
>>> OTOH, the french guideline is a little old by now, so I'd consider 
>>> installing a super-recent version of openssl as rather harmful than 
>>> necessary.
>> Thanks I will make as you have said…
>> I try to make an analysis of what turns in the WLAN!
> Another idea would be to reduced&uncomment the fragment_size in 
> eap.conf from 1024 (default) to, say, 700-800. This will change the 
> output of the log file, as more RADIUS request and challenges are 
> required. Unlikely that this is the reason, but still worth a try.

Thanks for the council, I will try also this

>> Freeradius I have installed last version available (1.1.2 that it 
>> seems to work!) but I know that there is also an August version 
>> SNAPSHOT but to me it has given problems in compile and did not 
>> install me module EAP-TLS (bug Debian). The lib I have installed to 
>> them with the command apt-get install openssl libssl-dev and this is 
>> the command dphg - l|grep SSL
> I'm also using 0.9.7g. You can check which openssl libs a running 
> freeradius process is using by looking at /proc/<pid of radiusd>/maps.

I have watched /proc/ <pid of radiusd>/maps as you have advised to me.
how you have installed them the 0.9.7g? with ./config 
--prefix=/usr/local/openssl and then you have passed the thing during 
./configure of freeradius?

> Good Luck, Michael
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/devel.html

More information about the Freeradius-Devel mailing list