(Desperate) help setting up freeradius for use with eap-tls and win clients

Federico Carbonetti smoking81 at gmail.com
Thu Sep 14 11:49:16 CEST 2006


Hello! First of all, THANKS for replying! :)
Unfortunately, when I try to type "radiusd -X -A" the output is what follows..

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "nobody"
 main: group = "nobody"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
Cannot switch group; nobody doesn't exist

As I mentioned, maybe the problem is in the permissions/owners.. here
is the list of important files and configuration....

-rw-r--r-- 1 root root   422 2006-09-13 13:25 acct_users
-rw-r--r-- 1 root root  4074 2006-09-13 13:25 attrs
drwxr-xr-x 3 root root  4096 2006-09-13 16:47 certs
-rw-r----- 1 root root   189 2006-09-13 13:25 clients
-rw-r----- 1 root root  2935 2006-09-13 17:18 clients.conf
-rw-r----- 1 root root  2933 2006-09-13 14:01 clients.conf~
-rw-r--r-- 1 root root   935 2006-09-13 13:25 dictionary
-rw------- 1 root root  9974 2006-09-13 18:44 eap.conf
-rw------- 1 root root  9966 2006-09-13 17:38 eap.conf~
-rwxr-xr-x 1 root root  4620 2006-09-13 13:25 example.pl
-rw-r--r-- 1 root root  4405 2006-09-13 13:25 experimental.conf
-rw-r--r-- 1 root root  2396 2006-09-13 13:25 hints
-rw-r--r-- 1 root root  1604 2006-09-13 13:25 huntgroups
-rw-r--r-- 1 root root  2424 2006-09-13 13:25 ldap.attrmap
-rw-r--r-- 1 root root  8786 2006-09-13 13:25 mssql.conf
-rw-r--r-- 1 root root  1020 2006-09-13 13:25 naslist
-rw-r----- 1 root root   856 2006-09-13 13:25 naspasswd
-rw-r--r-- 1 root root 12267 2006-09-13 13:25 oraclesql.conf
-rw-r--r-- 1 root root  7316 2006-09-13 13:25 otp.conf
-rw-r--r-- 1 root root  1734 2006-09-13 13:25 otppasswd.sample
-rw-r--r-- 1 root root 14514 2006-09-13 13:25 postgresql.conf
-rw-r--r-- 1 root root  1039 2006-09-13 13:25 preproxy_users
-rw-r--r-- 1 root root  8834 2006-09-13 13:25 proxy.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:02 radiusd.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:00 radiusd.conf~
-rw-r--r-- 1 root root   187 2006-09-13 13:25 realms
-rw-r--r-- 1 root root  1405 2006-09-13 13:25 snmp.conf
-rw-r--r-- 1 root root 14128 2006-09-13 13:25 sql.conf
-rw-r--r-- 1 root root  3339 2006-09-13 13:25 sqlippool.conf
-rw-r--r-- 1 root root  6940 2006-09-13 13:25 users

and in the directory cert the permissions are:

-r--r--r-- 1 root   root 3194 2006-09-13 16:46 cacert.pem
-rw-r--r-- 1 root   root  721 2006-09-13 13:25 cert-clt.der
-rw-r--r-- 1 root   root 1741 2006-09-13 13:25 cert-clt.p12
-rw-r--r-- 1 root   root 2452 2006-09-13 13:25 cert-clt.pem
-rw-r--r-- 1 root   root  717 2006-09-13 13:25 cert-srv.der
-rw-r--r-- 1 root   root 1733 2006-09-13 13:25 cert-srv.p12
-rw-r--r-- 1 root   root 2439 2006-09-13 13:25 cert-srv.pem
drwxr-xr-x 2 root   root 4096 2006-09-13 13:25 demoCA
-r-------- 1 nobody root  466 2006-09-13 16:58 dh
-rw-r--r-- 1 root   root 2913 2006-09-13 13:25 newcert.pem
-rw-r--r-- 1 root   root 1753 2006-09-13 13:25 newreq.pem
-r-------- 1 nobody root 1024 2006-09-13 16:59 random
-rw-r--r-- 1 root   root  431 2006-09-13 13:25 README
-rw-r--r-- 1 root   root  954 2006-09-13 13:25 root.der
-rw-r--r-- 1 root   root 1973 2006-09-13 13:25 root.p12
-rw-r--r-- 1 root   root 2764 2006-09-13 13:25 root.pem
-r-------- 1 nobody root 1815 2006-09-13 16:47 server_keycert.pem

Any idea?
Thanks a lot again!


2006/9/14, A.L.M.Buxey at lboro.ac.uk <A.L.M.Buxey at lboro.ac.uk>:
> Hi,
>
> > changing described in part III of the guide.. But when I finally
> > started the server by typing rc.radiusd start It just wrote radiusd as
> > response and then the shell prompts for new commands, while I think it
> > should say something like "waiting to process..."
>
> that command should just start the service as per normal...which would
> drop you back to the shell.  if you want to see radiusd working, then you
> need to either supply the foreground or debug flags to it...as in
> the documents..
>
> radiusd -X
>
> should do nicely
>
> alan
>
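An added example, not part of the original post or of FreeRADIUS: a small offline audit of the two things the message above shows, the `user`/`group` values the daemon drops to and the `ls -l` ownership of the files it must read. The passwd and group contents are constructed sample data, the three listing lines are copied from the post, and the function names are hypothetical.

```python
import stat

# Constructed sample databases (an assumption, not from the post): a system
# with a "nobody" user whose matching group is named "nogroup".
PASSWD = "root:x:0:0::/root:/bin/sh\nnobody:x:65534:65534::/nonexistent:/bin/false\n"
GROUP = "root:x:0:\nnogroup:x:65534:\n"

# Three lines copied from the listings in the post.
LISTING = """\
-rw-r----- 1 root root  2935 2006-09-13 17:18 clients.conf
-rw------- 1 root root  9974 2006-09-13 18:44 eap.conf
-r-------- 1 nobody root 1815 2006-09-13 16:47 server_keycert.pem
"""

def names(db):
    """Account names: the first field of each passwd/group style line."""
    return {line.split(":")[0] for line in db.splitlines() if line}

def parse_mode(text):
    """Turn an ls -l permission string such as 'rw-r-----' into mode bits."""
    bits = 0
    for i, ch in enumerate(text[:9]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits

def readable_by(line, user, groups):
    """Apply owner/group/other read bits of one ls -l line to user and groups."""
    f = line.split()
    mode, owner, group = parse_mode(f[0][1:]), f[2], f[3]
    if owner == user:
        return bool(mode & stat.S_IRUSR)
    if group in groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit(user, group, passwd=PASSWD, grp=GROUP, listing=LISTING):
    """List problems for a daemon that drops privileges to user/group."""
    problems = []
    if user not in names(passwd):
        problems.append(f"user {user!r} does not exist")
    if group not in names(grp):
        problems.append(f"group {group!r} does not exist")
    for line in listing.splitlines():
        if not readable_by(line, user, {group}):
            problems.append(f"{line.split()[-1]} not readable by {user}:{group}")
    return problems
```

On a real host the two database strings would come from `getent passwd` and `getent group`, and the listing from `ls -l` in the raddb directory.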


