Radius for 802.1X and TKIP

2005-01-24 Thread Dani Camps
I want to set up a secure wlan using EAP-PEAP as
authentication method and Radius as an authentication
server. In the AP I choose TKIP encryption, but I
think TKIP needs to renew the keys used, and I think
it is the Radius server that has to create the
keys and pass them to the AP. Is this true?

In that case, how do I configure Radius to use TKIP?

Do any of you have experience with this setup, wlan with
EAP-PEAP authentication in a Radius server and using
TKIP for encryption?

Thanks !

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Certificate problem in Radius with PEAP

2005-01-19 Thread Dani Camps
I want to set up a Radius server for use in 802.1x. I
want PEAP authentication, so I need to configure TLS
and certificates. I have openssl and I have generated
a CA and signed a certificate with it. I have
configured the radiusd.conf and the eap.conf, but I
get this error when I start radius in debug mode.

My Radius server version is 1.0.1-1 and I am using
Fedora Core 3.

I attach the tls section because it is the problematic
one:

rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file = /var/ssl/newreq.pem
tls: certificate_file = /var/ssl/newreq.pem
tls: CA_file = /var/ssl/cacert.pem
tls: private_key_password = my_passwd
tls: dh_file = /etc/raddb/certs/dh
tls: random_file = /dev/urandom
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = (null)
4419:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
4419:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
4419:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:534:
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.

It seems a problem in reading the certificates files,
the /var/ssl/newreq.file, I have checked that the
radius server has enough privileges to access that
file. That file is the server certificate signed by
the CA and was generated with openssl, this file
actually contains the private key and the public
certificate, and is of the form:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D50C8C4598225F1B

6yDmwg
...
PysPdPw==
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE REQUEST-----
MIIB3zCC


FhH7
-----END CERTIFICATE REQUEST-----

So I think the file is correct.

Does anyone know why the radius server is not
reading the certificates properly?

Thanks a lot !
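
The debug output above ends in "Expecting: CERTIFICATE", while the file shown in the post holds a CERTIFICATE REQUEST block, which is an unsigned CSR and not the certificate issued by the CA. The following is an added example, not part of the original post or of FreeRADIUS: a Python check that lists the PEM block labels in a file meant for certificate_file. The function names, finding codes and sample file contents are constructed for illustration.

```python
import re

# Captures the label of each PEM header line, e.g. "CERTIFICATE REQUEST".
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_labels(text):
    """Return the labels of all PEM blocks in the order they appear."""
    return _BEGIN.findall(text)

def diagnose(text):
    """Return (code, message) findings for a file used as certificate_file."""
    labels = pem_labels(text)
    findings = []
    if "CERTIFICATE" not in labels:
        findings.append(("no-certificate",
                         "no CERTIFICATE block; OpenSSL reports 'no start line'"))
    if any(label.endswith("CERTIFICATE REQUEST") for label in labels):
        findings.append(("csr-present",
                         "file holds a CSR; use the certificate the CA signed"))
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        findings.append(("no-private-key",
                         "no private key block for private_key_file"))
    return findings

# Constructed sample mirroring the layout in the post (bodies are placeholders).
CSR_FILE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

cGxhY2Vob2xkZXI=
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE REQUEST-----
cGxhY2Vob2xkZXI=
-----END CERTIFICATE REQUEST-----
"""

# Constructed sample of the layout the tls module can load: key plus certificate.
GOOD_FILE = (CSR_FILE.replace("BEGIN CERTIFICATE REQUEST", "BEGIN CERTIFICATE")
                     .replace("END CERTIFICATE REQUEST", "END CERTIFICATE"))

if __name__ == "__main__":
    for name, content in (("CSR_FILE", CSR_FILE), ("GOOD_FILE", GOOD_FILE)):
        print(name, pem_labels(content), diagnose(content) or "ok")
```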