Alan,<div><br></div><div>I feel extremely stupid even though I know I am not. </div><div><br></div><div>Running radiusd -X command as a root gives me the following error message as I posted here yesterday;</div><div>PS: I'm just posting last part of the output here. The full output can be seen at my previous email that I sent yesterday.</div>
<div><br></div><div>-------------------------------------------------------------------------------------------------------------------------------</div><div><br></div><div><span class="Apple-style-span" style="border-collapse: collapse; "><div>
Module: Instantiating eap</div><div> eap {</div><div> default_eap_type = "peap"</div><div> timer_expire = 60</div><div> ignore_unknown_eap_types = no</div><div> cisco_accounting_username_bug = no</div>
<div> }</div><div> Module: Linked to sub-module rlm_eap_md5</div><div> Module: Instantiating eap-md5</div><div> Module: Linked to sub-module rlm_eap_leap</div><div> Module: Instantiating eap-leap</div><div> Module: Linked to sub-module rlm_eap_gtc</div>
<div> Module: Instantiating eap-gtc</div><div> gtc {</div><div> challenge = "Password: "</div><div> auth_type = "PAP"</div><div> }</div><div> Module: Linked to sub-module rlm_eap_tls</div>
<div> Module: Instantiating eap-tls</div><div> tls {</div><div> rsa_key_exchange = no</div><div> dh_key_exchange = yes</div><div> rsa_key_length = 512</div><div> dh_key_length = 512</div><div>
verify_depth = 0</div><div> pem_file_type = yes</div><div> private_key_file = "/etc/raddb/certs/server.pem"</div><div> certificate_file = "/etc/raddb/certs/server.pem"</div>
<div> CA_file = "/etc/raddb/certs/ca.pem"</div><div> private_key_password = "whatever"</div><div> dh_file = "/etc/raddb/certs/dh"</div><div> random_file = "/etc/raddb/certs/random"</div>
<div> fragment_size = 1024</div><div> include_length = yes</div><div> check_crl = no</div><div> cipher_list = "DEFAULT"</div><div> make_cert_command = "/etc/raddb/certs/bootstrap"</div>
<div> }</div><div>rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied</div><div>rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem</div><div>rlm_eap: Failed to initialize type tls</div>
<div>/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"</div><div>/etc/raddb/sites-enabled/default[252]: Failed to find module "eap".</div><div>/etc/raddb/sites-enabled/default[199]: Errors parsing authenticate section.</div>
<div> }</div><div>}</div><div>Errors initializing modules</div><div>comp-010:/home/srn #</div><div><br></div><div>---------------------------------------------------------------------------------------------------------------------</div>
<div><br></div><div>It says a 'permission denied' and you asked me earlier if I was running the command as a root, which the answer is yes. So, how can I overcome this problem? </div><div><br></div><div>Thank you </div>
<div>George</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></span></div><div><br></div>
<div><br><div class="gmail_quote">On Thu, May 1, 2008 at 11:50 AM, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="Ih2E3d">George KNIGHT wrote:<br>
> Yes, I run all the commands as a root. Is this wrong?<br>
<br>
</div> No.<br>
<div class="Ih2E3d"><br>
> When I run the bootstrap script, again, as a root, here is what I get;<br>
<br>
</div> <sigh> You said it had errors. You need to show what those errors<br>
are. Showing that it runs *without* errors doesn't help.<br>
<div class="Ih2E3d"><br>
> I will use the default certs for just testing purposes. Once I make this<br>
> work with defaults ones, I will sure go ahead and create new<br>
> certificates. But at this moment, all I want to see a working version<br>
> of PEAP authentication in my test environment.<br>
<br>
</div> Follow the instructions. It WILL work.<br>
<br>
- uncheck "validate server certificate" in Windows.<br>
- add username/password to FreeRADIUS as per the FAQ<br>
- start the server<br>
- verify that PEAP works.<br>
<br>
That's what I do. It's not complicated. It doesn't require "special"<br>
knowledge or experience. It really *is* that easy.<br>
<div><div></div><div class="Wj3C7c"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>