RADSEC testing with FR 3.1

Alex Sharaz alex.sharaz at york.ac.uk
Thu Dec 8 16:21:27 CET 2016


Now I did some radsec stuff in 2013 with radsecproxy but those brain cells
have long gone, and I need to use FR for this

So

As advised given up on FR 4.0
Built 2 servers running FR 3.1
Copied TLS example into /etc/freeradius/sites-enabled at both ends.
Wrapped listen statement with server {...} to get it to run
Defined sending client IPv6 address at end supposed to be connecting to
Added home_server/pool/realm at sending end
Built eapol_test so I could fire an eap_peap request at the other end.
Run both servers with
radiusd -d /etc/freeradius -fxxxx -l /var/log/radius.log>/var/log/radius.log

(yes it's -fxxx because that's what it tells me to do if you want to use tls)

run eapol_test -c /usr/local/etc/sharaz-peap.conf -a 127.0.0.1 -s testing123

receiving end gets

Thu Dec  8 14:24:56 2016 : Info  : Ready to process requests
Thu Dec  8 14:25:00 2016 : Debug :  ... new connection request on TCP socket
Thu Dec  8 14:25:00 2016 : Debug : Listening on auth+acct from client (2a01:348:6:59d::2, 56193) -> (::, 2083, virtual-server=sharaz-tls)
Thu Dec  8 14:25:00 2016 : Debug : tls - Closing TLS socket from client port 56193
Thu Dec  8 14:25:00 2016 : Debug : tls - Client has closed connection
Thu Dec  8 14:25:00 2016 : Info  :  ... shutting down socket auth+acct from client (2a01:348:6:59d::2, 56193) -> (::, 2083, virtual-server=sharaz-tls)


Sender seems to have
Thu Dec  8 14:41:53 2016 : Debug : No matches
Thu Dec  8 14:41:53 2016 : Info  : (1)        sql - Need 2 more connections to reach min connections (3)
Thu Dec  8 14:41:53 2016 : Debug : Trying SSL to port 2083
Thu Dec  8 14:41:53 2016 : Debug : tls - Requiring Server certificate
Thu Dec  8 14:41:53 2016 : Error : tls - System call (I/O) error (0)
Thu Dec  8 14:41:53 2016 : Error : Failed starting SSL to new proxy socket 'proxy (::, 0) -> home_server (2a03:b0c0:1:a1::a9f:8001, 2083)'
Thu Dec  8 14:41:53 2016 : Proxy : (1)  Failed to insert request into the proxy list
Thu Dec  8 14:41:53 2016 : Debug : Thread 5 waiting to be assigned a request



So how do I enable enough debugging to figure out what's gone wrong at the
System Call I/O error log message point?

