Problem with udpfromto in version 2.1.1 - please help

Will D. Spann willdspann at yahoo.com
Wed Feb 4 06:32:59 CET 2009 

Alan,

>  The comments in radiusd.conf just before that say that the "authorize"
>etc. sections are in virtual hosts, and that the "include" line includes
>those virtual hosts.

I see; thanks for the clarification.  This is a departure from how FreeRADIUS 1.0 was configured, where the authenticate and authorize sections resided in the radiusd.conf file.

>> Running radiusd -X as root with default settings gives errors related to
>> EAP and Diffie-Hellman.  I'm running the x64 package from openSUSE 11.1
>> (FreeRADIUS 2.1.1).  I have OpenSSL 0.9.8h installed.

>  Run the "bootstrap" command as root.

Thanks for the suggestion.  I ran the /etc/raddb/certs/bootstrap script, and it successfully created the self-signed SSL certificates for EAP.  Now the Diffie-Hellman errors have gone away, when I run radiusd -X.  At this point I was still getting the remaining EAP-related errors.

However, I noticed a new "permission denied" error, related to SSL in the rlm_eap module.  Based on this, I checked the ownership/permissions of the configuration files and keys in the /etc/raddb folder & below.  It turns out they were all set to root.root & r/w for root user only!  But the default configuration has radiusd running as the radiusd user, so it couldn't read the files it needed access to.  Changing the ownership to root.radiusd and the permissions to r/w for root and read for the radiusd group solved my startup problem.  Thanks again.  I would never have seen this cause without getting past the SSL key creation issue.

Unfortunately, I'm getting the same negative results when running the recommended initial radtest test "radtest test test localhost 0 testing123".  The following is the output I get.

    radclient: socket: cannot initialize udpfromto: Function not implemented

I'm not sure where to go from here.  I'm still running with the default configuration.

Thanks for any additional help.

Will Spann


The abbreviated radiusd -X output I received PRIOR to fixing the ownership/permissions problem is below, for reference.  Now radiusd runs without errors.


gcwifi-auth-vm:/etc/raddb # radiusd -X
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec  3 2008 at 13:57:16
[...]
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }
}
Errors initializing modules



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090203/5d0f8c47/attachment.html>

More information about the Freeradius-Users mailing list