Hi. I'm a student of the Polytechnic Institute of Tomar, and I am working on a project with PEAP authentication over 802.11b wireless LANs. One of my scenarios to test the authentication results in an error reported by the RADIUS server (in this case FreeRadius 1.0.1). I don't know how to resolve this problem. The problem returned by the debug mode of freeradius was:

radiusd: relocation error: /usr/local/lib/rlm_eap_tls-1.0.1.so: undefined symbol: SSL_set_msg_callback

In the log files I see the packets received by freeradius, and the debug mode shows the same information (when it receives the packet from the NAS), but when the server receives this packet it doesn't respond to the NAS and reports the error mentioned above.

The scenario used in this situation was:

   ||||     wireless      ||||||    192.168.2.0/24     |||||
   |++|   ------------      ||     -----------------   |***|
   |++|                     ||             |           |***|
   ||||                     ||             |           |||||
 Supplicant                NAS             |       RADIUS Server
(WinXPPro 1sp)        (Access Point)       |        (FreeRadius)
                                           |
                                     ( )  ( )  ( )
                                  Network Resources

In this scenario the supplicant must gain authorization from the radius server to access the resources of the network (192.168.2.0/24) like http server and dhcp, etc. I'm using the supplicant of the winxp to use PEAP in this authorization. The radius server and the NAS (AP) are in the same network as the resources (192.168.2.0/24).

I thank you for any help you could provide. You can see the confs used in this scenario below.

---------- Attachments -------------------------------

My conf files used in this scenario were:

<------------------radiusd.conf----------------------------->
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}

proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {
    pap {
        encryption_scheme = clear
    }
    chap {
        authtype = CHAP
    }
    pam {
        pam_auth = radiusd
    }
    eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = yes
        tls {
            private_key_password = whatever
            private_key_file = ${raddbdir}/certs/cert-srv.pem
            certificate_file = ${raddbdir}/certs/cert-srv.pem
            CA_file = ${raddbdir}/certs/demoCA/cacert.pem
            dh_file = ${raddbdir}/certs/dh
            random_file = ${raddbdir}/certs/random
            fragment_size = 1024
            include_length = yes
        }
        ttls {
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
        }
        peap {
            default_eap_type = mschapv2
        }
        mschapv2 {
        }
    }
    mschap {
        authtype = MS-CHAP
        use_mppe = yes
    }
    realm suffix {
        format = suffix
        delimiter = "@"
    }
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }
    detail {
        detailfile = ${radacctdir}/detail
        detailperm = 0600
    }
    detail auth_log {
        detailfile = ${radacctdir}/auth-detail
        detailperm = 0600
    }
    detail reply_log {
        detailfile = ${radacctdir}/reply-detail
        detailperm = 0600
    }
    detail pre_proxy_log {
        detailfile = ${radacctdir}/pre-proxy-detail
    }
    detail post_proxy_log {
        detailfile = ${radacctdir}/post-proxy-detail
        detailperm = 0600
    }
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        perm = 0600
        callerid = "yes"
    }
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }
    #attr_filter {
    #    attrsfile = ${confdir}/attrs
    #}
    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
}

authorize {
    auth_log
    suffix
    eap
    files
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}

preacct {
    suffix
    files
}

accounting {
    acct_unique
    detail
    radutmp
}

session {
    radutmp
}

post-auth {
    reply_log
}

pre-proxy {
    pre_proxy_log
}

post-proxy {
    post_proxy_log
    #attr_filter
    eap
}

<------------------clients.conf---------------------->
client 192.168.2.69 {
    secret = 123qw
    shortname = apapas01
}

<-----------------proxy.conf------------------------->
# Global proxy config
proxy server {
    synchronous = no
    retry_delay = 5
    retry_count = 1
    dead_time = 120
    default_fallback = yes
    post_proxy_authorize = yes
}

# The realm of the institution
realm ipt.pt {
    type = radius
    authhost= LOCAL
    accthost= LOCAL
}

# All other REALMs
realm DEFAULT {
    type = radius
    authhost= LOCAL
    accthost= LOCAL
    #secret = 123qw
    #nostrip
}

<-------------------users--------------------->
# Filter-Id "Professor"
test1   User-Password == "12345"
        Filter-Id = "Professor"

# Filter-Id "Aluno"
test2   User-Password == "12345"
        Filter-Id = "Aluno"

----------------------------------------EOF---------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html