Hi Allan,<div><br></div><div><br></div><div>Sorry that It was a mistake to say that I made changes at the config files. In fact I didn't not change anything on radiusd.conf and the only change I made at eap.conf is this line;</div>
<div><br></div><div><span class="Apple-style-span" style="font-family: -webkit-monospace; line-height: 16px; ">default_eap_type = peap</span><br></div><div><span class="Apple-style-span" style="font-family: -webkit-monospace; line-height: 16px;"><br>
</span></div><div><span class="Apple-style-span" style="line-height: 16px; "><span class="Apple-style-span" style="font-family: arial, sans-serif;">As it was md5 before.</span></span></div><div><br></div><div><br></div><div>
Yes, I run all the commands as a root. Is this wrong?</div><div><br></div><div>When I run the bootstrap script, again, as a root, here is what I get;</div><div><br></div><div><div>comp-010:/etc/raddb/certs # ./bootsrap</div>
<div>bash: ./bootsrap: No such file or directory</div><div>comp-010:/etc/raddb/certs # ./bootstrap</div><div>make: Nothing to be done for `ca'.</div><div>make: Nothing to be done for `server'.</div><div>make: `dh' is up to date.</div>
<div>make: `random' is up to date.</div><div>comp-010:/etc/raddb/certs #</div><div><br></div><div>I will use the default certs for just testing purposes. Once I make this work with defaults ones, I will sure go ahead and create new certificates. But at this moment, all I want to see a working version of PEAP authentication in my test environment.</div>
<div><br></div><div><br></div><div>Thank you </div><div><br></div><div>George Knight</div><div><br></div><div><br></div><div><br></div></div><div><br><br><div class="gmail_quote">On Thu, May 1, 2008 at 2:00 AM, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="Ih2E3d">George KNIGHT wrote:<br>
> A person like you who is dealing with freeradius on a daily basis may<br>
> have a tendency of thinking that using/installing/troubleshooting<br>
> freeradius is very easy.<br>
<br>
</div> The goal is to *make* it that easy. A large number of problems on the<br>
list are because people think it's complicated, and start changing large<br>
amounts of the default config.<br>
<div class="Ih2E3d"><br>
> Based on the feedback I<br>
> got from people, everyone seems to agree that it provided them a simple<br>
> and easy to follow steps for the installation. I felt happy that I<br>
> helped other people the way that I was helped at all the time through<br>
> different forums on the internet.<br>
<br>
</div> Based on the feedback I've seen, I've edited/updated the software<br>
itself to be easier to use. I don't like reading "howto's", because<br>
many are out of date, and many others are simply wrong. I would<br>
*prefer* that people shipped software that worked, and was easy to use.<br>
<div class="Ih2E3d"><br>
> When I started implementing the FreeRadius, I thought I would find some<br>
> documentation to start with. But unfortunately, after spending days, i<br>
> couldn't find such a document. The more I read, the more i surprised<br>
> that I couldn't figure this out. I know that it shouldn't be much<br>
> difficult but here I am still struggling to make this work.<br>
<br>
</div> The 5-6 line instructions I gave are all that's needed.<br>
<div class="Ih2E3d"><br>
> I installed the FreeRadous 2.0.2 with Yast tool with SuSE SLES. It<br>
> installed it OK. And then i made changes to eap.conf and radiusd.conf<br>
> files to start my test. I run radiusd -X and here is what I got;<br>
<br>
</div> Why change eap.conf && radiusd.conf?<br>
<br>
> # radiusd -X<br>
...<br>
<div class="Ih2E3d">> rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied<br>
<br>
</div> That should be a pretty simple problem to fix. It's file permissions...<br>
<br>
Are you starting the server as root?<br>
<div class="Ih2E3d"><br>
> And other thing is that the command bootstrap couldn't finish creating<br>
> certificates.<br>
<br>
</div> Why not? What's the error message? Is it secret?<br>
<br>
Did you run the "bootstrap" script as root?<br>
<div class="Ih2E3d"><br>
> How may I solve this problem. And if finish creating<br>
> certs successfully, which certificates should I install to the XP SP2<br>
> client and where?<br>
<br>
</div> To be honest, you *shouldn't* install the default certificates.<br>
They're only for testing.<br>
<br>
For testing, un-check the "validate server certificate" in XP.<br>
<br>
For real certificates, edit the conf files as described in the<br>
raddb/certs/ documentation, and re-build the certs. Then, install the<br>
CA cert, as described in the EAP-TLS howto... with pictures.<br>
<div class="Ih2E3d"><br>
> You suggested to read the file<br>
> at <a href="http://freeradius.org/doc/EAPTLS.pdf" target="_blank">http://freeradius.org/doc/EAPTLS.pdf</a> but believe me it didn't help<br>
> me. And it also gives information for TLS implementation. NOthing for PEAP.<br>
<br>
</div> PEAP *is* EAP-TLS. It's a variation of EAP-TLS, and all of the<br>
certificate requirements for EAP-TLS apply to PEAP, too.<br>
<br>
If you have any ideas for what documentation needs to be updated,<br>
please submit suggested text. We can include it in the next release.<br>
<br>
But my experience (unfortunately) is that the people who have the most<br>
problems are reading third-party "howtos" that are *wrong*, and are<br>
ignoring the server documentation that is *right*. That's a problem I<br>
can't fix.<br>
<div><div></div><div class="Wj3C7c"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>