RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t)
From: McKay, Raymond [mailto:RMcKay;vugames.com] Sent: den 28 oktober 2002 16:32 To: '[EMAIL PROTECTED]' Subject: RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t) I am using FreeRadius 0.7.1 For this to work you need our addition to the EAP-TLS module for generating and distributing keys. It is included in CVS but not in the 0.7.1 release. -- Lars Viklund Expert Software Engineer Embedded Platforms Axis Communications AB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t)
Lars, one more quick question for you. Adam's EAP/TLS howto specified a requirement to build two versions of openssl one stable, the other a development snapshot for the rlm_eap module. Is that still the case. If so or if not, what version of openSSL should I use to compile? Thanks Raymond McKay IT Manager / Network Administrator Funnybone Interactive Vivendi Universal Games -Original Message- From: Lars Viklund [mailto:lars.viklund;axis.com] Sent: Monday, October 28, 2002 12:13 PM To: '[EMAIL PROTECTED]' Subject: RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t) From: McKay, Raymond [mailto:RMcKay;vugames.com] Sent: den 28 oktober 2002 16:32 To: '[EMAIL PROTECTED]' Subject: RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t) I am using FreeRadius 0.7.1 For this to work you need our addition to the EAP-TLS module for generating and distributing keys. It is included in CVS but not in the 0.7.1 release. -- Lars Viklund Expert Software Engineer Embedded Platforms Axis Communications AB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t)
From: McKay, Raymond Sent: Monday, October 28, 2002 6:53 PM Lars, one more quick question for you. Adam's EAP/TLS howto specified a requirement to build two versions of openssl one stable, the other a development snapshot for the rlm_eap module. Is that still the case. If so or if not, what version of openSSL sould I use to compile? I think Adam's guide is a bit unclear about OpenSSL requirements. An openssl from the 0.9.7 series (currently in beta) or the development series is needed for the EAP/TLS support in freeradius. As far as I know the same openssl version can be used for the rest of your system too (including freeradius). Note that we haven't verified this, there are some API changes between 0.9.6 and 0.9.7 that could possibly be an issue but IMHO they are unlikely to be a problem for freeradius. The reason for not wanting to run a beta (or development series) openssl on a (production) system is obviously that it is potential security risk. Changing openssl version to one not sanctioned by the OS vendor is also typically non- trivial on most linux distributions; many critical packages in e.g. RedHat seem to have an openssl dependency. Best regards, Henrik -- Henrik Eriksson Senior Software Engineer Embedded Applications Axis Communications ABh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t)
I think Adam's guide is a bit unclear about OpenSSL requirements. An openssl from the 0.9.7 series (currently in beta) or the development series is needed for the EAP/TLS support in freeradius. As far as I know the same openssl version can be used for the rest of your system too (including freeradius). Note that we haven't verified this, there are some API changes between 0.9.6 and 0.9.7 that could possibly be an issue but IMHO they are unlikely to be a problem for freeradius. Ok at risk of sounding dense here, I should be able to keep my install of openssl0.9.6g installed normally, install openssl0.9.7-beta in /usr/local/openssl, and configure freeradius by 1) ./configure --with-raddb=/etc (for my config) 2) editing ./src/modules/rlm_eap/types/rlm_eap_tls/Makefile to include path to openssl0.9.7-beta libs and includes (as in Adam's HOWTO) 3) make 4) make install It seems I must be missing something in my configuration of the build as I am dumping on the make at the rlm_eap segment of build. For Reference, my edited rlm_eap_tls makefile looks like this # Generated automatically from Makefile.in by configure. TARGET = rlm_eap_tls SRCS= rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include HEADERS = eap_tls.h RLM_INSTALL = RLM-LDFLAGS += -L/usr/local/openssl/lib RLM_LIBS+= -lcrypto -lssl $(STATIC_OBJS): $(HEADERS) $(DYNAMIC_OBJS): $(HEADERS) RLM_DIR=../../ include ${RLM_DIR}../rules.mak Raymond McKay IT Manager / Network Administrator Funnybone Interactive Vivendi Universal Games - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t)
hi Ok at risk of sounding dense here, I should be able to keep my install of openssl0.9.6g installed normally, install openssl0.9.7-beta in /usr/local/openssl, and configure freeradius by 1) ./configure --with-raddb=/etc (for my config) 2) editing ./src/modules/rlm_eap/types/rlm_eap_tls/Makefile to include path to openssl0.9.7-beta libs and includes (as in Adam's HOWTO) exactly, that's what i do. 3) make 4) make install It seems I must be missing something in my configuration of the build as I am dumping on the make at the rlm_eap segment of build. For Reference, my edited rlm_eap_tls makefile looks like this # Generated automatically from Makefile.in by configure. TARGET = rlm_eap_tls SRCS= rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include HEADERS = eap_tls.h RLM_INSTALL = RLM-LDFLAGS += -L/usr/local/openssl/lib RLM_LIBS+= -lcrypto -lssl change this line to RLM_LIBS += -lssl -lcrypto or add another instance of -lcrypto after -lssl. $(STATIC_OBJS): $(HEADERS) $(DYNAMIC_OBJS): $(HEADERS) RLM_DIR=../../ include ${RLM_DIR}../rules.mak ciao artur -- Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t)
You sir are a saint! That finally worked like a charm. I think I am going to write up some quick, easy and clear documentation on this that covers all these little undocumented installation requirements. Thanks again for your help Raymond McKay IT Manager / Network Administrator Funnybone Interactive Vivendi Universal Games -Original Message- From: Artur Hecker [mailto:hecker;enst.fr] Sent: Monday, October 28, 2002 2:48 PM To: [EMAIL PROTECTED] Subject: Re: EAP-TLS + ORINOCO AP-2000 + Dynamic WEP (Windows XP Supplican t) hi Ok at risk of sounding dense here, I should be able to keep my install of openssl0.9.6g installed normally, install openssl0.9.7-beta in /usr/local/openssl, and configure freeradius by 1) ./configure --with-raddb=/etc (for my config) 2) editing ./src/modules/rlm_eap/types/rlm_eap_tls/Makefile to include path to openssl0.9.7-beta libs and includes (as in Adam's HOWTO) exactly, that's what i do. 3) make 4) make install It seems I must be missing something in my configuration of the build as I am dumping on the make at the rlm_eap segment of build. For Reference, my edited rlm_eap_tls makefile looks like this # Generated automatically from Makefile.in by configure. TARGET = rlm_eap_tls SRCS= rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include HEADERS = eap_tls.h RLM_INSTALL = RLM-LDFLAGS += -L/usr/local/openssl/lib RLM_LIBS+= -lcrypto -lssl change this line to RLM_LIBS += -lssl -lcrypto or add another instance of -lcrypto after -lssl. $(STATIC_OBJS): $(HEADERS) $(DYNAMIC_OBJS): $(HEADERS) RLM_DIR=../../ include ${RLM_DIR}../rules.mak ciao artur -- Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html