Hi.
I'm a student at the Polytechnic Institute of Tomar, and I am
working on a project using PEAP authentication over 802.11b wireless
LANs. One of my test scenarios for the authentication results in an error
reported by the RADIUS server (in this case FreeRADIUS 1.0.1). I don't
know how to resolve this problem. The error shown in FreeRADIUS debug mode
was:

radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.0.1.so: undefined 
symbol: SSL_set_msg_callback

In the log files I see the packets received by FreeRADIUS, and
debug mode shows the same information (when it receives the packet from the
NAS), but when the server receives this packet it doesn't respond to the NAS
and reports the error mentioned above.

The scenario used in this situation was:

||||   wireless   |||||| 192.168.2.0/24   |||||
|++| ------------   ||  ----------------- |***|
|++|                ||         |          |***|
||||                ||         |          |||||
Supplicant          NAS        |      RADIUS Server
(WinXPPro 1sp) (Access Point)  |       (FreeRadius)
                               |
                            (     )
                           (       )
                           (       )
                        Network Resources

In this scenario the supplicant must gain authorization from the RADIUS
server to access the resources of the network (192.168.2.0/24), such as the
HTTP server, DHCP, etc. I'm using the Windows XP supplicant to do PEAP for
this authorization. The RADIUS server and the NAS (AP) are on the same network
as the resources (192.168.2.0/24).

Thank you for any help you can provide. The configuration files used in
this scenario are shown below.

---------- Attachments-------------------------------

The configuration files used in this scenario were:

<------------------radiusd.conf----------------------------->

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no

lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# Server-wide hardening knobs.
security {
        # Upper bound on the number of attributes accepted in one request.
        max_attributes = 200
        # Delay (seconds) before an Access-Reject is sent; slows down
        # repeated password guessing against the server.
        reject_delay = 1
        # Status-Server requests are not answered.
        status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}
modules {
        pap {
                encryption_scheme = clear
        }
        chap {
                authtype = CHAP
        }
        pam {
                pam_auth = radiusd
        }
        # EAP module instance. PEAP is the EAP type offered first, and the
        # tls sub-section below supplies the server key and certificate it uses.
        eap {
                default_eap_type = peap 
                timer_expire = 60
                ignore_unknown_eap_types = yes
                # NOTE(review): the relocation error quoted in this post names
                # rlm_eap_tls and an unresolved SSL_set_msg_callback symbol. That
                # symbol is resolved by the dynamic linker against the OpenSSL
                # library loaded at run time, so it looks like a build/runtime
                # library mismatch rather than something these values control.
                # Confirm which libssl the module resolves against (e.g. with ldd).
                tls {
                        # NOTE(review): "whatever", cert-srv.pem and demoCA/cacert.pem
                        # look like the demonstration key material distributed with
                        # the server (confirm). A key and passphrase that are publicly
                        # available provide no server authentication to the
                        # supplicant; generate a site-specific CA and server
                        # certificate before using this outside a lab.
                        private_key_password = whatever
                        # Key and certificate are read from the same PEM file; that
                        # file, and this configuration file holding its passphrase,
                        # should be readable only by the account running radiusd.
                        private_key_file = ${raddbdir}/certs/cert-srv.pem
                        certificate_file = ${raddbdir}/certs/cert-srv.pem
                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                        dh_file = ${raddbdir}/certs/dh
                        random_file = ${raddbdir}/certs/random
                        fragment_size = 1024
                        include_length = yes
                }
                ttls {
                        copy_request_to_tunnel = yes
                        use_tunneled_reply = yes
                }
                # Inner (tunnelled) method for PEAP is MS-CHAPv2.
                peap {
                        default_eap_type = mschapv2
                }
                mschapv2 {
                }
        }
        mschap {
                authtype = MS-CHAP
                use_mppe = yes
        }
        realm suffix {
                format = suffix
                delimiter = "@"
        }
        files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                compat = no
        }
        detail {
                detailfile = ${radacctdir}/detail
                detailperm = 0600
        }
        detail auth_log {
                detailfile = ${radacctdir}/auth-detail
                detailperm = 0600
        }
        detail reply_log {
                detailfile = ${radacctdir}/reply-detail
                detailperm = 0600
        }
        # Detail log written from the pre-proxy section.
        # NOTE(review): every other detail instance in this file sets
        # detailperm = 0600; this one leaves the file mode to the module
        # default. Confirm that default, or set detailperm explicitly, since
        # the file records request attributes.
        detail pre_proxy_log {
                detailfile = ${radacctdir}/pre-proxy-detail
        }
        detail post_proxy_log {
                detailfile = ${radacctdir}/post-proxy-detail
                detailperm = 0600
        }
        acct_unique {
                key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port"
        }
        radutmp {
                filename = ${logdir}/radutmp
                username = %{User-Name}
                case_sensitive = yes
                check_with_nas = yes
                perm = 0600
                callerid = "yes"
        }
        radutmp sradutmp {
                filename = ${logdir}/sradutmp
                perm = 0644
                callerid = "no"
        }
#attr_filter {
#       attrsfile = ${confdir}/attrs
#}
        counter daily {
                filename = ${raddbdir}/db.daily
                key = User-Name
                count-attribute = Acct-Session-Time
                reset = daily
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                allowed-servicetype = Framed-User
                cache-size = 5000
        }
}
authorize {
        auth_log
        suffix
        eap
        files
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        eap
}
preacct {
        suffix
        files
}
accounting {
        acct_unique
        detail
        radutmp
}
session {
        radutmp
}
post-auth {
        reply_log
}
pre-proxy {
        pre_proxy_log
}
post-proxy {
        post_proxy_log
        #attr_filter
eap
}

<------------------clients.conf---------------------->

# RADIUS client entry for the access point (NAS) at 192.168.2.69.
client 192.168.2.69 {
        # NOTE(review): the shared secret is what authenticates packets between
        # the NAS and this server and what protects hidden attributes. A short
        # value like this one is weak; use a long random secret, and treat any
        # secret posted to a public list as disclosed and replace it.
        secret = 123qw 
        shortname = apapas01
}

<-----------------proxy.conf------------------------->

# Global proxy configuration
proxy server {
        synchronous = no
        retry_delay = 5
        retry_count = 1
        dead_time = 120
        default_fallback = yes
        post_proxy_authorize = yes
}
# The institution's realm
realm ipt.pt {
        type = radius
        authhost= LOCAL
        accthost= LOCAL
}
# All other realms
realm DEFAULT {
        type = radius
        authhost= LOCAL
        accthost= LOCAL
#secret = 123qw
#nostrip
}

<-------------------users---------------------> 

# Test accounts. The first line of each entry holds the check items and the
# indented line holds the reply items.
# NOTE(review): both passwords are stored in cleartext and are trivial; keep
# them to lab use, and restrict read access on this file to the account
# running radiusd.
#
# test1: reply carries Filter-Id "Professor"
test1 User-Password == "12345"
        Filter-Id = "Professor"
# test2: reply carries Filter-Id "Aluno"
test2 User-Password == "12345"
        Filter-Id = "Aluno"

----------------------------------------EOF---------------------------



