<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt"><div>Ivan Kalik,<br><br>>>I should note that in my radiusd.conf file, I'm not including "eap.conf" nor "sites-enabled/", but other than that I have all default settings.<br><br>>Well done! By removing /sites-enabled you have stopped the server from<br>>processing all As from AAA (authentication, authorization and<br>>accounting) in one masterful stroke. Now put everything back as it was.<br><br>Thanks for the reply. I didn't realize disabling sites-enabled would disable all AAA services.<br><br>Running radiusd -X as root with default settings gives errors related to EAP and Diffie-Hellman. I'm running the x64 package from openSUSE 11.1 (FreeRADIUS 2.1.1). I have OpenSSL 0.9.8h installed.<br><br>The radiusd -X output is listed below. Thanks for any comments on
this.<br><br>Will<br><br><br>gcwifi-auth-vm:~ # radiusd -X<br>FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec 3 2008 at 13:57:16<br>Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.<br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. <br>Starting - reading configuration files ... <br>including configuration file /etc/raddb/radiusd.conf <br>including configuration file /etc/raddb/proxy.conf <br>including configuration file /etc/raddb/clients.conf <br>including files in directory /etc/raddb/modules/ <br>including configuration file /etc/raddb/modules/pam <br>including configuration file /etc/raddb/modules/pap <br>including configuration file /etc/raddb/modules/chap <br>including configuration file
/etc/raddb/modules/echo <br>including configuration file /etc/raddb/modules/exec <br>including configuration file /etc/raddb/modules/expr <br>including configuration file /etc/raddb/modules/ldap <br>including configuration file /etc/raddb/modules/krb5 <br>including configuration file /etc/raddb/modules/unix <br>including configuration file /etc/raddb/modules/inner-eap<br>including configuration file /etc/raddb/modules/radutmp <br>including configuration file /etc/raddb/modules/counter <br>including configuration file /etc/raddb/modules/acct_unique <br>including configuration file /etc/raddb/modules/files<br>including configuration file /etc/raddb/modules/realm<br>including configuration file /etc/raddb/modules/wimax<br>including configuration file /etc/raddb/modules/mac2vlan <br>including configuration file /etc/raddb/modules/linelog <br>including configuration file /etc/raddb/modules/detail.example.com <br>including
configuration file /etc/raddb/modules/checkval <br>including configuration file /etc/raddb/modules/logintime<br>including configuration file /etc/raddb/modules/sql_log <br>including configuration file /etc/raddb/modules/sradutmp <br>including configuration file /etc/raddb/modules/always <br>including configuration file /etc/raddb/modules/attr_rewrite <br>including configuration file /etc/raddb/modules/detail <br>including configuration file /etc/raddb/modules/digest <br>including configuration file /etc/raddb/modules/ippool <br>including configuration file /etc/raddb/modules/mac2ip <br>including configuration file /etc/raddb/modules/mschap <br>including configuration file /etc/raddb/modules/smbpasswd<br>including configuration file /etc/raddb/modules/passwd <br>including configuration file /etc/raddb/modules/policy <br>including configuration file
/etc/raddb/modules/etc_group<br>including configuration file /etc/raddb/modules/preprocess <br>including configuration file /etc/raddb/modules/attr_filter <br>including configuration file /etc/raddb/modules/detail.log <br>including configuration file /etc/raddb/modules/expiration <br>including configuration file /etc/raddb/eap.conf <br>including configuration file /etc/raddb/sql.conf <br>including configuration file /etc/raddb/sql/mysql/dialup.conf<br>including configuration file /etc/raddb/sql/mysql/counter.conf <br>including configuration file /etc/raddb/policy.conf <br>including files in directory /etc/raddb/sites-enabled/ <br>including configuration file /etc/raddb/sites-enabled/default<br>including configuration file /etc/raddb/sites-enabled/inner-tunnel <br>group = radiusd <br>user = radiusd <br>including dictionary file
/etc/raddb/dictionary <br>main { <br> prefix = "/usr" <br> localstatedir = "/var" <br> logdir = "/var/log/radius" <br> libdir = "/usr/lib64/freeradius" <br> radacctdir = "/var/log/radius/radacct" <br> hostname_lookups = no<br> max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024 <br> allow_core_dumps = no<br> pidfile = "/var/run/radiusd/radiusd.pid" <br> checkrad = "/usr/sbin/checkrad" <br>
debug_level = 0 <br> proxy_requests = yes <br> log { <br> stripped_names = no <br> auth = no<br> auth_badpass = no<br> auth_goodpass = no <br> } <br> security { <br> max_attributes = 200 <br> reject_delay = 1 <br> status_server = yes <br> } <br>}<br> client localhost { <br> ipaddr = 127.0.0.1 <br> require_message_authenticator = no <br> secret = "testing123"<br> nastype =
"other"<br> } <br>radiusd: #### Loading Realms and Home Servers #### <br> proxy server { <br> retry_delay = 5 <br> retry_count = 3 <br> default_fallback = no<br> dead_time = 120 <br> wake_all_if_all_dead = no<br> } <br> home_server localhost { <br> ipaddr = 127.0.0.1 <br> port = 1812 <br> type = "auth"<br> secret = "testing123"<br> response_window = 20 <br> max_outstanding = 65536 <br> zombie_period = 40
<br> status_check = "status-server" <br> ping_interval = 30 <br> check_interval = 30 <br> num_answers_to_alive = 3 <br> num_pings_to_alive = 3 <br> revive_interval = 120<br> status_check_timeout = 4 <br> } <br> home_server_pool my_auth_failover { <br> type = fail-over <br> home_server = localhost <br> } <br> realm example.com { <br> auth_pool = my_auth_failover <br> } <br> realm LOCAL { <br> } <br>radiusd: #### Instantiating modules ####
<br> instantiate { <br> Module: Linked to module rlm_exec <br> Module: Instantiating exec <br> exec { <br> wait = no<br> input_pairs = "request" <br> shell_escape = yes <br> } <br> Module: Linked to module rlm_expr <br> Module: Instantiating expr <br> Module: Linked to module rlm_expiration <br> Module: Instantiating expiration<br> expiration { <br> reply-message = "Password Has Expired " <br> } <br> Module: Linked to module rlm_logintime <br> Module: Instantiating logintime <br> logintime {<br> reply-message = "You are calling outside your allowed timespan "<br>
minimum-timeout = 60 <br> } <br> } <br>radiusd: #### Loading Virtual Servers #### <br>server inner-tunnel {<br> modules { <br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_pap<br> Module: Instantiating pap <br> pap { <br> encryption_scheme = "auto" <br> auto_header = no <br> } <br> Module: Linked to module rlm_chap <br> Module: Instantiating chap <br> Module: Linked to module rlm_mschap <br> Module: Instantiating mschap<br> mschap { <br> use_mppe = yes <br> require_encryption = no <br> require_strong = no
<br> with_ntdomain_hack = no <br> } <br> Module: Linked to module rlm_unix <br> Module: Instantiating unix <br> unix { <br> radwtmp = "/var/log/radius/radwtmp" <br> } <br> Module: Linked to module rlm_eap<br> Module: Instantiating eap <br> eap { <br> default_eap_type = "md5" <br> timer_expire = 60<br> ignore_unknown_eap_types = no<br> cisco_accounting_username_bug = no <br> max_sessions = 2048 <br> } <br> Module: Linked to sub-module rlm_eap_md5<br> Module: Instantiating eap-md5 <br> Module: Linked to sub-module rlm_eap_leap
<br> Module: Instantiating eap-leap <br> Module: Linked to sub-module rlm_eap_gtc<br> Module: Instantiating eap-gtc <br> gtc { <br> challenge = "Password: " <br> auth_type = "PAP"<br> } <br> Module: Linked to sub-module rlm_eap_tls<br> Module: Instantiating eap-tls <br> tls { <br> rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512 <br> dh_key_length = 512 <br> verify_depth = 0 <br> pem_file_type = yes <br> private_key_file = "/etc/raddb/certs/server.pem" <br>
certificate_file = "/etc/raddb/certs/server.pem" <br> CA_file = "/etc/raddb/certs/ca.pem" <br> private_key_password = "whatever"<br> dh_file = "/etc/raddb/certs/dh" <br> random_file = "/etc/raddb/certs/random" <br> fragment_size = 1024 <br> include_length = yes <br> check_crl = no <br> cipher_list = "DEFAULT" <br> make_cert_command = "/etc/raddb/certs/bootstrap" <br> cache {<br> enable = no<br> lifetime = 24<br> max_entries = 255<br>
}<br> }<br>Generating DH parameters, 1024 bit long safe prime, generator 2<br>This is going to take a long time<br>........+.........................................+...+ // etc.<br>unable to write 'random state'<br>dh: Permission denied<br>make: *** [dh] Error 1<br>Exec-Program output: openssl dhparam -out dh 1024<br>Exec-Program-Wait: plaintext: openssl dhparam -out dh 1024<br>Exec-Program: returned: 2<br>rlm_eap: Failed to initialize type tls<br>/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"<br>/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".<br>/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.<br> }<br>}<br>Errors initializing modules<br><br></div></div><br>
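Added example (not part of the original message, and not FreeRADIUS project code): a small Python triage pass over `radiusd -X` output like the one above. It redacts the `secret` and `private_key_password` values before the log is shared, flags the well-known default values and short key-length settings, and pulls out the failure chain around `dh: Permission denied`. The sample lines are excerpted from the post; the function name, the 2048-bit threshold and the failure patterns are assumptions.

```python
import re

# Constructed sample: lines excerpted from the radiusd -X output in the post.
SAMPLE = """\
 client localhost {
    require_message_authenticator = no
    secret = "testing123"
 }
   tls {
    rsa_key_length = 512
    dh_key_length = 512
    private_key_password = "whatever"
   }
unable to write 'random state'
dh: Permission denied
make: *** [dh] Error 1
Exec-Program: returned: 2
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
Errors initializing modules
"""

SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$')
SECRET_KEYS = {"secret", "private_key_password"}
DEFAULTS_IN_POST = {"testing123", "whatever"}  # values the posted config uses
MIN_KEY_BITS = 2048                            # assumed policy threshold
FAILURE = re.compile(r"unable to write|Permission denied|Error \d+|"
                     r"returned: [1-9]|Failed to|failed for|^Errors ")

def triage(text):
    """Return (redacted_text, findings, failure_chain) for radiusd -X output."""
    redacted, findings, chain = [], [], []
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            key, value = m.groups()
            if key in SECRET_KEYS:
                if value in DEFAULTS_IN_POST:
                    findings.append(f"{key}: well-known default value in use")
                # Replace only the value span so indentation and quotes survive.
                line = line[:m.start(2)] + "<redacted>" + line[m.end(2):]
            elif key.endswith("_key_length") and value.isdigit() \
                    and int(value) < MIN_KEY_BITS:
                findings.append(f"{key}: {value} bits is below {MIN_KEY_BITS}")
        elif FAILURE.search(line.strip()):
            chain.append(line.strip())
        redacted.append(line)
    return "\n".join(redacted), findings, chain

if __name__ == "__main__":
    shareable, findings, chain = triage(SAMPLE)
    print(shareable, *findings, "first failure: " + chain[0], sep="\n")
```

The first entries of the failure chain point at the cause to fix (the DH parameter file could not be written); the later `rlm_eap` and "Failed to find module" lines are consequences of it.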
</body></html>