<br><div>Hi,<br>I'm running FreeRADIUS 1.1.2. I'm trying to run it for PEAP authentication and made a few changes in the radiusd.conf, eap.conf & users files in the /usr/local/etc/raddb/ directory.<br>
On running freeradius in debugging mode by typing "radiusd -x" at the command prompt, it gives this output:
<br><br>[root@localhost ~]# radiusd -x<br>Starting - reading configuration files ...<br>Using deprecated naslist file. Support for this will go away soon.<br>Module: Loaded exec<br>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
<br>Module: Instantiated exec (exec)<br>Module: Loaded expr<br>Module: Instantiated expr (expr)<br>Module: Loaded PAP<br>Module: Instantiated pap (pap)<br>Module: Loaded CHAP<br>Module: Instantiated chap (chap)<br>Module: Loaded MS-CHAP
<br>Module: Instantiated mschap (mschap)<br>Module: Loaded System<br>Module: Instantiated unix (unix)<br>Module: Loaded eap<br>rlm_eap: Loaded and initialized type md5<br>rlm_eap: Loaded and initialized type leap<br>rlm_eap: Loaded and initialized type gtc
<br>rlm_eap_tls: Loading the certificate file as a chain<br>rlm_eap: SSL error error:0200100E:system library:fopen:Bad address<br>rlm_eap_tls: Error reading certificate file<br>rlm_eap: Failed to initialize type tls<br>radiusd.conf[10]: eap: Module instantiation failed.<br>radiusd.conf[1920] Unknown module "eap".<br>radiusd.conf[1867] Failed to parse authenticate section.<br><br>I am attaching the radiusd.conf, clients.conf, eap.conf
and users files here.<br>Please also tell me how to mention a network in clients.conf. Do I need to install OpenSSL before running the FreeRADIUS server?<br></div><div><span class="sg"><br>I'm pasting my files below:<br>xxxxxxxxxxxx
<br>radiusd.conf<br>xxxxxxxxxxxx<br>## radiusd.conf -- FreeRADIUS server configuration file.<br><br><br>prefix = /usr/local<br>exec_prefix = ${prefix}<br>sysconfdir = ${prefix}/etc<br>localstatedir = ${prefix}/var<br>sbindir = ${exec_prefix}/sbin
<br>logdir = ${localstatedir}/log/radius<br>raddbdir = ${sysconfdir}/raddb<br>radacctdir = ${logdir}/radacct<br><br># Location of config and logfiles.<br>confdir = ${raddbdir}<br>run_dir = ${localstatedir}/run/radiusd<br>
<br><br>log_file = ${logdir}/radius.log<br><br><br>libdir = ${exec_prefix}/lib<br><br><br><br>pidfile = ${run_dir}/radiusd.pid<br><br><br><br>#user = nobody<br>#group = nobody<br><br># max_request_time: The maximum time (in seconds) to handle a request.
<br>#<br><br># Useful range of values: 5 to 120<br>#<br>max_request_time = 30<br><br><br><br>delete_blocked_requests = no<br><br><br><br>cleanup_delay = 5<br><br><br><br>max_requests = 1024<br><br><br><br>bind_address = *
<br><br><br><br>port = 0<br><br>hostname_lookups = no<br><br><br>allow_core_dumps = no<br><br><br>regular_expressions = yes<br>extended_expressions = yes<br><br><br>log_stripped_names = no<br><br><br>log_auth = no<br>
<br>log_auth_badpass = no<br>log_auth_goodpass = no<br><br><br>usercollide = no<br><br><br>lower_user = no<br>lower_pass = no<br><br><br>nospace_user = no<br>nospace_pass = no<br><br># The program to execute to do concurrency checks.
<br>checkrad = ${sbindir}/checkrad<br><br># SECURITY CONFIGURATION<br><br>security {<br> <br> max_attributes = 200<br><br> <br> reject_delay = 1<br><br> <br> status_server = no<br>}<br><br><br>proxy_requests = yes
<br>$INCLUDE ${confdir}/proxy.conf<br><br><br># CLIENTS CONFIGURATION<br><br>$INCLUDE ${confdir}/clients.conf<br><br><br># SNMP CONFIGURATION<br><br>snmp = no<br>$INCLUDE ${confdir}/snmp.conf<br><br><br># THREAD POOL CONFIGURATION
<br><br>thread pool {<br> <br> start_servers = 5<br><br> <br> max_servers = 32<br><br> <br> min_spare_servers = 3<br> max_spare_servers = 10<br><br> max_requests_per_server = 0<br>}<br><br># MODULE CONFIGURATION
<br><br>modules {<br> <br><br> <br> pap {<br> encryption_scheme = crypt<br> }<br><br> <br> chap {<br> authtype = CHAP<br> }<br><br> <br> pam {<br> <br> pam_auth = radiusd
<br> }<br><br> <br> unix {<br> <br> <br> cache = no<br><br> cache_reload = 600<br><br> <br> <br> <br><br> radwtmp = ${logdir}/radwtmp<br> }<br><br> # Extensible Authentication Protocol
<br> <br>$INCLUDE ${confdir}/eap.conf<br><br> # Microsoft CHAP authentication<br> <br> mschap {<br> <br> authtype = MS-CHAP<br> <br><br> <br> #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
<br> }<br><br> # Lightweight Directory Access Protocol (LDAP)<br> <br> ldap {<br> server = "ldap.your.domain"<br> # identity = "cn=admin,o=My Org,c=UA"<br> # password = mypass
<br> basedn = "o=My Org,c=UA"<br> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<br> # base_filter = "(objectclass=radiusprofile)"<br><br> start_tls = no<br>
<br> <br><br> access_attr = "dialupAccess"<br><br> dictionary_mapping = ${raddbdir}/ldap.attrmap<br><br> ldap_connections_number = 5<br><br> <br> <br> <br> # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
<br> # groupmembership_attribute = radiusGroupName<br> timeout = 4<br> timelimit = 3<br> net_timeout = 1<br> <br> }<br><br> <br><br> <br> #}<br><br> <br> #}<br><br>
<br><br> <br> realm IPASS {<br> format = prefix<br> delimiter = "/"<br> ignore_default = no<br> ignore_null = no<br> }<br><br> # 'username@realm'<br> #<br> realm suffix {
<br> format = suffix<br> delimiter = "@"<br> ignore_default = no<br> ignore_null = no<br> }<br><br> # 'username%realm'<br> #<br> realm realmpercent {<br> format = suffix
<br> delimiter = "%"<br> ignore_default = no<br> ignore_null = no<br> }<br><br> #<br> # 'domain\user'<br> #<br> realm ntdomain {<br> format = prefix<br> delimiter = "\\"
<br> ignore_default = no<br> ignore_null = no<br> } <br><br> #<br> checkval {<br> # The attribute to look for in the request<br> item-name = Calling-Station-Id<br><br> # The attribute to look for in check items. Can be multi valued
<br> check-name = Calling-Station-Id<br><br> <br> data-type = string<br><br> <br> }<br> <br> <br> <br><br> <br> #}<br><br> <br> preprocess {<br> huntgroups = ${confdir}/huntgroups
<br> hints = ${confdir}/hints<br><br> <br> with_ascend_hack = no<br> ascend_channels_per_line = 23<br><br> <br> with_ntdomain_hack = no<br><br> <br> with_specialix_jetstream_hack = no
<br><br> <br> # H323-Attribute = "value"<br> <br> with_cisco_vsa_hack = no<br> }<br><br> <br> files {<br> usersfile = ${confdir}/users<br> acctusersfile = ${confdir}/acct_users
<br> preproxy_usersfile = ${confdir}/preproxy_users<br><br> <br> compat = no<br> }<br><br> <br> detail {<br> <br> <br> <br> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
<br><br> <br> detailperm = 0600<br><br> <br> #suppress {<br> # User-Password<br> #}<br> }<br><br> <br> <br> <br><br><br> <br> <br> acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
<br> }<br><br><br> <br> $INCLUDE ${confdir}/sql.conf<br> <br> radutmp {<br> <br> filename = ${logdir}/radutmp<br><br> <br> #<br> # You may want instead: %{Stripped-User-Name:-%{User-Name}}
<br> username = %{User-Name}<br><br><br> <br> case_sensitive = yes<br><br> <br> check_with_nas = yes <br><br> perm = 0600<br><br> callerid = "yes"<br> }
<br><br> <br> radutmp sradutmp {<br> filename = ${logdir}/sradutmp<br> perm = 0644<br> callerid = "no"<br> }<br><br> <br> attr_filter {<br> attrsfile = ${confdir}/attrs
<br> }<br><br> <br> <br> counter daily {<br> filename = ${raddbdir}/db.daily<br> key = User-Name<br> count-attribute = Acct-Session-Time<br> reset = daily<br> counter-name = Daily-Session-Time
<br> check-name = Max-Daily-Session<br> allowed-servicetype = Framed-User<br> cache-size = 5000<br> }<br><br> <br> sqlcounter dailycounter {<br> counter-name = Daily-Session-Time<br> check-name = Max-Daily-Session
<br> sqlmod-inst = sql<br> key = User-Name<br> reset = daily<br><br> <br> query = "SELECT SUM(AcctSessionTime - \<br> GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
<br> FROM radacct WHERE UserName='%{%k}' AND \<br> UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"<br><br> <br><br> }<br><br> sqlcounter monthlycounter {<br> counter-name = Monthly-Session-Time
<br> check-name = Max-Monthly-Session<br> sqlmod-inst = sql<br> key = User-Name<br> reset = monthly<br><br> query = "SELECT SUM(AcctSessionTime - \<br> GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
<br> FROM radacct WHERE UserName='%{%k}' AND \<br> UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"<br><br> <br><br> }<br><br> <br> always fail {<br> rcode = fail
<br> }<br> always reject {<br> rcode = reject<br> }<br> always ok {<br> rcode = ok<br> simulcount = 0<br> mpp = no<br> }<br><br> <br> expr {<br> }<br><br> <br> digest {
<br> }<br><br> <br> exec {<br> wait = yes<br> input_pairs = request<br> }<br><br> <br> exec echo {<br> <br> # allowed values: {no, yes}<br> wait = yes<br><br> <br>
program = "/bin/echo %{User-Name}"<br><br> <br> input_pairs = request<br><br> <br> output_pairs = reply<br><br> <br> <br> }<br><br> <br> ippool main_pool {
<br><br> <br> range-start = 192.168.1.1<br> range-stop = 192.168.3.254<br><br> <br> netmask = 255.255.255.0<br><br> <br> cache-size = 800<br><br> <br> session-db = ${raddbdir}/db.ippool<br><br> <br> ip-index = ${raddbdir}/db.ipindex<br><br> <br> override = no
<br><br> <br> maximum-timeout = 0<br> }<br><br> <br>}<br><br># Instantiation<br><br>instantiate {<br> <br> exec<br><br> <br> expr<br><br> <br>}<br><br><br>authorize {<br> <br> preprocess
<br><br> <br> chap<br><br> <br> mschap<br><br> <br> <br> suffix<br><br> eap<br><br> <br> files<br><br> <br><br> <br>}<br><br><br># Authentication.<br><br>authenticate {<br> <br> Auth-Type PAP {
<br> pap<br> }<br><br> <br> Auth-Type CHAP {<br> chap<br> }<br><br> <br> Auth-Type MS-CHAP {<br> mschap<br> }<br><br> <br> unix<br><br> <br># }<br><br> <br> eap<br>
}<br><br><br><br>preacct {<br> preprocess<br><br> <br> acct_unique<br><br> <br> suffix<br><br> files<br>}<br><br><br>accounting {<br> <br> detail<br><br> unix<br><br> <br> radutmp<br><br><br>
<br>}<br><br><br><br>session {<br> radutmp<br><br> <br>}<br><br><br><br>post-auth {<br> <br><br># }<br><br>}<br><br><br>pre-proxy {<br><br>}<br><br><br>post-proxy {<br><br> <br> eap<br>}<br>xxxxxxxxxxxxxx radiusd.conf ends here xxxxxxxxxxxxxxxxx<br><br>xxxxxxxxxxxxxx<br>eap.conf<br>xxxxxxxxxxxxx<br>eap {<br> <br> default_eap_type = peap<br><br> <br> timer_expire = 60<br><br> ignore_unknown_eap_types = yes
<br><br> <br> cisco_accounting_username_bug = no<br><br> md5 {<br> }<br><br> <br> leap {<br> }<br><br> <br> gtc {<br> <br> auth_type = PAP
<br> }<br><br> <br> tls {<br> <br> private_key_password = whatever<br> private_key_file = ${raddbdir}/certs/cert-srv.pem<br><br> certificate_file = ${raddbdir}/certs/cert-srv.pem<br><br> CA_file = ${raddbdir}/certs/demoCA/cacert.pem<br><br> dh_file = ${raddbdir}/certs/dh<br> # random_file = ${raddbdir}/certs/random<br><br> <br> # fragment_size = 1024
<br><br> # include_length = yes<br><br> # check_crl = yes<br><br> <br> # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"<br><br> <br>
# check_cert_cn = %{User-Name}<br> #<br> }<br><br> <br> <br> peap {<br> <br> default_eap_type = mschapv2<br><br> }<br><br> <br> mschapv2 {
<br> }<br> }<br>xxxxxxxxxxxxxxxxx eap.conf ends here xxxxxxxxxxxxxxxxxxxxxx<br><br>xxxxxxxxxx<br>clients.conf<br>xxxxxxxxxxx<br>#<br># clients.conf - client configuration directives<br><br>client 127.0.0.1 {<br> <br> secret = testing123<br><br> shortname = localhost<br><br> <br> nastype = other # localhost isn't usually a NAS...<br><br>}<br><br><br><br>#client 192.168.0.0/24 {<br># secret = testing123-1<br># shortname = private-network-1<br>#}<br>#<br>#client 192.168.0.0/16 {<br># secret = testing123-2<br># shortname = private-network-2
<br>#}<br>xxxxxxxxxxxxxxx clients.conf ends here xxxxxxxxxxxxxxxx<br><br>xxxxxxxxx<br>users<br>xxxxxxxxx<br><br><br><br><br>"testuser" User-Password == "testing" <br> Reply-Message = "Hello, %u"
<br><br>DEFAULT Service-Type == Framed-User<br> Framed-IP-Address = 255.255.255.254,<br> Framed-MTU = 576,<br> Service-Type = Framed-User,<br> Fall-Through = Yes
<br><br><br>DEFAULT Framed-Protocol == PPP<br> Framed-Protocol = PPP,<br> Framed-Compression = Van-Jacobson-TCP-IP<br><br><br>DEFAULT Hint == "CSLIP"<br> Framed-Protocol = SLIP,<br> Framed-Compression = Van-Jacobson-TCP-IP
<br><br><br>DEFAULT Hint == "SLIP"<br> Framed-Protocol = SLIP<br>xxxxxxxxxx users file ends here xxxxxxxxxxxxxxxxx<br><br>Can anybody suggest how to make it work (what modifications do I need to make)?<br>-- <br>
Regards<br>Pradeep Singh
</span></div><br clear="all"><br clear="all"><br>
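The debug output above stops where rlm_eap_tls cannot read the certificate file named in the tls { } block of eap.conf. As an added example (not code from the original post or from the FreeRADIUS project), the POSIX shell script below checks, before radiusd is started, that every file that block names exists and is readable, that the private key file is not world-accessible, and, when openssl is installed, that the key decrypts with private_key_password and belongs to the certificate. The option names, the ${raddbdir} prefix and the /usr/local/etc/raddb location come from the post; the helper names (conf_value, check_tls_files, check_key_matches_cert) are mine.

```shell
#!/bin/sh
# Pre-flight check for the tls { } block of eap.conf. Added example for this
# thread; not from the original post or from FreeRADIUS itself.
# Assumes the post's keys (private_key_file, certificate_file, CA_file,
# dh_file, private_key_password) and the ${raddbdir} prefix it uses.

# conf_value KEY CONF RADDBDIR: first "KEY = value" in CONF, trailing comment
# stripped, ${raddbdir} expanded (a RADDBDIR containing '|' or '&' breaks sed).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1 |
        sed "s/[[:space:]]*#.*\$//; s/[[:space:]]*\$//; s|\${raddbdir}|$3|g"
}

# check_tls_files CONF RADDBDIR: every file the tls block names must exist and
# be readable, and the private key must not be world-accessible; 0 when clean.
check_tls_files() {
    rc=0
    for key in private_key_file certificate_file CA_file dh_file; do
        path=$(conf_value "$key" "$1" "$2")
        if [ -z "$path" ]; then
            echo "$key: not set in $1"; rc=1
        elif [ ! -r "$path" ]; then
            echo "$key: $path is missing or unreadable"; rc=1
        elif [ "$key" = private_key_file ]; then
            # last octal digit is the "other" permission bits; anything but 0 leaks the key
            mode=$(stat -c %a "$path" 2>/dev/null || stat -f %Lp "$path")
            case "$mode" in
                *0) ;;
                *) echo "$key: $path is world-accessible (mode $mode)"; rc=1 ;;
            esac
        fi
    done
    return $rc
}

# check_key_matches_cert CONF RADDBDIR: needs openssl. Decrypts the key with
# private_key_password and compares its public half with the certificate's.
check_key_matches_cert() {
    pw=$(conf_value private_key_password "$1" "$2")
    kpub=$(openssl pkey -in "$(conf_value private_key_file "$1" "$2")" \
               -passin "pass:$pw" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$(conf_value certificate_file "$1" "$2")" \
               -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Usage with the paths from the post:
# check_tls_files /usr/local/etc/raddb/eap.conf /usr/local/etc/raddb &&
#     check_key_matches_cert /usr/local/etc/raddb/eap.conf /usr/local/etc/raddb
```

For the clients.conf question, the commented-out `#client 192.168.0.0/24 {` block in the post's own file already shows the network form: a client entry keyed by a CIDR prefix, with its own shared secret, which should be changed from the shipped testing123 value before any real NAS is allowed in.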