Hello Jerome,

On Wed, 25 Jun 2003 01:37 am, Jerome Fleury wrote:
> --On Tuesday, June 24, 2003 09:58:28 PM +1000 Mike McCauley <[EMAIL PROTECTED]> wrote:
> > Hello Jerome,
> >
> > On Tue, 24 Jun 2003 08:32 pm, Jerome Fleury wrote:
> >> --On Tuesday 24 June 2003 09:26 +1000 Mike McCauley <[EMAIL PROTECTED]> wrote:
> >> > Hello Jeremy,
> >> >
> >> > thanks for the full log.
> >> >
> >> > Looks like Radiator is not seeing a completed client hello from your
> >> > client: it's still waiting for the client hello to be closed off.
> >> > This is very puzzling: your client is behaving differently to other
> >> > clients we have observed.
> >> >
> >> > What PEAP client are you using?
> >>
> >> Well, this is quite strange as I use both Windows2000 client (hotfix
> >> from microsoft) and Funk Odyssey client, giving the same bad result.
> >>
> >> Maybe the source of the problem could be the AP (Cisco 1200) or the
> >> client card (Orinoco, one of the first Lucent ones indeed) ?
> >
> > OK, I have just retested here with the latest Odyssey 2.0 client and
> > Windows 2000. I can see that the latest Odyssey client does in fact act
> > differently on 2000, nevertheless Radiator worked ok here with it with a
> > successful authentication.
> >
> > So now I am back to wondering why Radiator did not respond to the client
> > hello. Normally it responds with the server certificate.
> >
> > I have looked closely again at your log file and I see something else
> > strange:
> >
> > Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465
> > Mon Jun 23 14:04:09 2003: ERR: jeje - want read
> > Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465,
> >
> > it seems not to have recognised that reason 2 is WANT_READ and instead
> > reported an error.
> > This indicates that there is a problem with either the openssl install
> > or the Net_SSLeay install.
> > I'm sorry I did not see this before.
>
> No that's me sorry not to have precised this: I added some debug code in
> the WANT_READ condition block:
>
>     elsif ($reason == ERROR_WANT_READ)
>     {
>         $self->log($main::LOG_ERR, "jeje - want read", $p);
>         my $errs = &Net::SSLeay::print_errs();
>         $self->log($main::LOG_ERR, "EAP TLS error: $ret, $reason, $state, $errs");
>         $self->eap_failure($p->{rp}, $context);
>
>         # Looking for more data, just ack this
>     }
>
> So that it recognizes WANT_READ well. Sorry for giving you a bad path.

OK. I understand now.
If you are convinced the openssl/Net_SSLeay install is OK, it's time to look at
your config. Are you testing with the example eap_peap.cfg file, and the test
certificates we supply?
May we see your config file (no secrets)?

> > I strongly suggest you :
> >
> > 1. Ensure there are no old versions of ssl, openssl or Net_SSLeay
> >    installed on your host.
>
> No, old older versions are overridden.
>
> > 2. Compile and install openssl 0.9.7
>
> done.
>
> > 3. Compile and install Net_SSLeay 1.22 (using the Makefile.PL
> >    /usr/local/ssl arg above)
>
> done (1.23)

OK. Tested OK with 1.23 here.

> At this point, I think I'll try on another fresh Unix install.

OK.

Cheers.

> Thanks for your help Mike.
> --
> Jerome Fleury
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
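
Added example (not part of the original message and not Radiator's code): the "-1, 2" result discussed in the thread, reproduced with Python's ssl module and in-memory BIOs over the same OpenSSL library, so it runs offline. A constructed ClientHello split in two stands in for EAP-TLS fragments; the constructed server deliberately has no certificate, so the completed hello produces a genuine error for contrast. All function names are hypothetical.

```python
import ssl

def client_hello():
    """Build a real ClientHello by starting a client handshake in memory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # constructed test client, no peer to verify
    ctx.verify_mode = ssl.CERT_NONE
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing)
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        pass                            # client now waits for the ServerHello
    return outgoing.read()

def new_server():
    """Server side with no certificate loaded (deliberate, see lead-in)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    return ctx.wrap_bio(incoming, outgoing, server_side=True), incoming

def handshake_step(server, incoming, fragment):
    """Feed one fragment and classify the result the way a RADIUS
    EAP-TLS handler has to: keep waiting, finished, or fail the session."""
    incoming.write(fragment)
    try:
        server.do_handshake()
        return "done"
    except ssl.SSLWantReadError:
        # SSL_ERROR_WANT_READ (reason 2): the TLS record is incomplete.
        # Not a failure; acknowledge the fragment and wait for the next one.
        return "want_read"
    except ssl.SSLError:
        # Any other reason is a real handshake failure.
        return "fatal"

def demo():
    hello = client_hello()
    server, incoming = new_server()
    mid = len(hello) // 2
    return [handshake_step(server, incoming, part)
            for part in (hello[:mid], hello[mid:])]

if __name__ == "__main__":
    print("SSL_ERROR_WANT_READ =", int(ssl.SSL_ERROR_WANT_READ))
    print(demo())
```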