On 12/13/2011 03:07 PM, Röver, Christian wrote:

Hello Christian,

> while trying to configure Radiator to work with the radsec protocol, I
> get the following error:

Can you reply with more debug messages? There should be more in the log about which check failed.

> Tue Dec 13 13:22:17 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
> Tue Dec 13 13:22:17 2011: ERR: StreamTLS client error: -1, 1, 4401, 2400: 1
> - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> Does anyone have an idea which components I might have to check or where
> to find the mistake in my config?

You could try commenting out the checks:

TLS_ExpectedPeerName CN=.*\.toplevel\.de
TLS_SubjectAltNameURI .*toplevel.de

and then see if it works. If it works, add one check first, watch the logs, and then when the first check works add the other while keeping an eye on the log.

Thanks!
Heikki

> (System: Win 2008r2 x64, newest perl, openssl and net-ssleay)
>
> Radius.cfg:
>
> > AuthPort 1645,1812
> > AcctPort
> >
> > Foreground
> > LogStdout
> > LogDir .
> > DbDir .
> > Trace 4
> >
> > DictionaryFile C:/radius/radiator/dictionary,C:/radius/radiator/dictionary.cisco
> >
> > #Accesspoints#
> > <Client x.x.x.0/24>
> > Secret specialsecret
> > </Client>
> >
> > #DC#
> > <Client x.x.x.x>
> > Secret oursecret
> > IgnoreAcctSignature
> > </Client>
> >
> >
> > <ServerRADSEC>
> > BindAddress 127.0.0.1
> > Port 2083
> > Secret oursecret
> > UseTLS 1
> > TLS_CAPath C:/radius/certificates/ca
> > TLS_CertificateFile C:/radius/certificates/server.institution.de.pem
> > TLS_CertificateType PEM
> > TLS_PrivateKeyFile C:/radius/certificates/server.institution.de.key
> > TLS_PrivateKeyPassword servercertpassword
> > TLS_ExpectedPeerName CN=.*\.toplevel\.de
> > TLS_SubjectAltNameURI .*toplevel.de
> > </ServerRADSEC>
> >
> >
> > <Realm ourinstitution.de>
> > <AuthBy RADIUS>
> > Host x.x.x.x
> > Secret oursecret
> > AuthPort 1812
> >
> > EAPType TLS,PEAP,MSCHAP-V2
> >
> > EAPTLS_CAPath C:/radius/certificates/ca
> > EAPTLS_CertificateFile C:/radius/certificates/server.institution.de.pem
> > EAPTLS_CertificateType PEM
> > EAPTLS_PrivateKeyFile C:/radius/server.institution.de.key
> > EAPTLS_PrivateKeyPassword servercertpassword
> > EAPTLS_MaxFragmentSize 1000
> > AutoMPPEKeys
> > SSLeayTrace 1
> > </AuthBy>
> > </Realm>
> >
> > <Realm DEFAULT>
> > <AuthBy RADSEC>
> > Host xyz1.toplevel.de
> > Host xyz2.toplevel.de
> > Port 2083
> > UseTLS 1
> > Secret oursecret
> > ReconnectTimeout 1
> > NoreplyTimeout 5
> >
> > TLS_CAPath C:/radius/certificates/ca
> > TLS_CertificateFile C:/radius/certificates/server.institution.de.pem
> > TLS_CertificateType PEM
> > TLS_PrivateKeyFile C:/radius/certificates/server.institution.de.key
> > TLS_PrivateKeyPassword servercertpassword
> > #TLS_ExpectedPeerName CN=.*\.toplevel\.de
> > #SSLeayTrace 1
> > </AuthBy>
> > </Realm>
> >
> > _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
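As an added illustration of the two checks Heikki suggests toggling (not code from the mailing list or from Radiator itself), this Python models TLS_ExpectedPeerName as a regex over the peer certificate's subject in OpenSSL one-line form and TLS_SubjectAltNameURI as a regex over the certificate's URI-type subjectAltName entries, so a peer certificate's fields can be compared against the configured patterns before the checks are loosened. The certificate details are constructed, and the matching semantics are an assumption about how Radiator evaluates these directives.

```python
import re

# Patterns exactly as they appear in the posted Radius.cfg.
EXPECTED_PEER_NAME = r"CN=.*\.toplevel\.de"
SAN_URI = r".*toplevel.de"   # unescaped dots also match e.g. "toplevelXde"; escape them for a stricter check

# Constructed peer-certificate details (not taken from the post): the subject
# in OpenSSL one-line form and the subjectAltName entries as (type, value).
PEER_SUBJECT = "/C=DE/O=Example Institution/CN=xyz1.toplevel.de"
PEER_SANS = [("DNS", "xyz1.toplevel.de"), ("DNS", "xyz2.toplevel.de")]


def check_expected_peer_name(subject, pattern):
    """TLS_ExpectedPeerName (assumed semantics): the regex must match the subject string."""
    return re.search(pattern, subject) is not None


def check_san_uri(sans, pattern):
    """TLS_SubjectAltNameURI (assumed semantics): the regex must match at least one
    subjectAltName entry of type URI; DNS entries are not considered."""
    return any(re.search(pattern, value) for kind, value in sans if kind == "URI")


def diagnose(subject, sans, expected_peer_name=None, san_uri=None):
    """Return the configured checks that would reject this peer certificate.

    A directive that is commented out in the config corresponds to passing None,
    which is how enabling one check at a time looks here.
    """
    failed = []
    if expected_peer_name is not None and not check_expected_peer_name(subject, expected_peer_name):
        failed.append("TLS_ExpectedPeerName")
    if san_uri is not None and not check_san_uri(sans, san_uri):
        failed.append("TLS_SubjectAltNameURI")
    return failed


if __name__ == "__main__":
    # Both checks on: the constructed certificate has only DNS SANs, so the URI check fails.
    print(diagnose(PEER_SUBJECT, PEER_SANS, EXPECTED_PEER_NAME, SAN_URI))
    # First check only, as in the step-by-step approach from the reply.
    print(diagnose(PEER_SUBJECT, PEER_SANS, EXPECTED_PEER_NAME))
```

A certificate whose only names are DNS SANs passes the subject check but fails the URI check, which is one way a "certificate verify failed" can appear even though the hostname looks right.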