George KNIGHT wrote:The goal is to *make* it that easy. A large number of problems on the
> A person like you who is dealing with freeradius on a daily basis may
> have a tendency of thinking that using/installing/troubleshooting
> freeradius is very easy.
list are because people think it's complicated, and start changing large
amounts of the default config.
Based on the feedback I've seen, I've edited/updated the software
> Based on the feedback I
> got from people, everyone seems to agree that it provided them a simple
> and easy to follow steps for the installation. I felt happy that I
> helped other people the way that I was helped at all the time through
> different forums on the internet.
itself to be easier to use. I don't like reading "howto's", because
many are out of date, and many others are simply wrong. I would
*prefer* that people shipped software that worked, and was easy to use.
The 5-6 line instructions I gave are all that's needed.
> When I started implementing the FreeRadius, I thought I would find some
> documentation to start with. But unfortunately, after spending days, i
> couldn't find such a document. The more I read, the more i surprised
> that I couldn't figure this out. I know that it shouldn't be much
> difficult but here I am still struggling to make this work.
Why change eap.conf && radiusd.conf?
> I installed the FreeRadous 2.0.2 with Yast tool with SuSE SLES. It
> installed it OK. And then i made changes to eap.conf and radiusd.conf
> files to start my test. I run radiusd -X and here is what I got;
> # radiusd -X
...
> rlm_eap: SSL error error:0200100D:system library:fopen:Permission deniedThat should be a pretty simple problem to fix. It's file permissions...
Are you starting the server as root?
Why not? What's the error message? Is it secret?
> And other thing is that the command bootstrap couldn't finish creating
> certificates.
Did you run the "bootstrap" script as root?
To be honest, you *shouldn't* install the default certificates.
> How may I solve this problem. And if finish creating
> certs successfully, which certificates should I install to the XP SP2
> client and where?
They're only for testing.
For testing, un-check the "validate server certificate" in XP.
For real certificates, edit the conf files as described in the
raddb/certs/ documentation, and re-build the certs. Then, install the
CA cert, as described in the EAP-TLS howto... with pictures.
PEAP *is* EAP-TLS. It's a variation of EAP-TLS, and all of the
> You suggested to read the file
> at http://freeradius.org/doc/EAPTLS.pdf but believe me it didn't help
> me. And it also gives information for TLS implementation. NOthing for PEAP.
certificate requirements for EAP-TLS apply to PEAP, too.
If you have any ideas for what documentation needs to be updated,
please submit suggested text. We can include it in the next release.
But my experience (unfortunately) is that the people who have the most
problems are reading third-party "howtos" that are *wrong*, and are
ignoring the server documentation that is *right*. That's a problem I
can't fix.