<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Hello everyone.<br>Im trying to start my radius server and have some problems doing that.<br>I think I have missed to uncomment eap somewhere or something like that but I can find where.<br>I will give the output from the terminal, i've also tried to make my own certificate, but it says it has problems making them, dont really understand why and it is in the same output. Hope you can help me on this one because I cant find what Im doing wrong. <br><br>peter@freeradius:~$ sudo radiusd -X<br>FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on Dec  2 2009 at 16:29:59<br>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. <br>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A <br>PARTICULAR PURPOSE. <br>You may redistribute copies of FreeRADIUS under the terms of the <br>GNU General Public License v2. <br>Starting - reading configuration files ...<br>including configuration file /usr/local/etc/raddb/radiusd.conf<br>including configuration file /usr/local/etc/raddb/proxy.conf<br>including configuration file /usr/local/etc/raddb/clients.conf<br>including files in directory /usr/local/etc/raddb/modules/<br>including configuration file /usr/local/etc/raddb/modules/files<br>including configuration file /usr/local/etc/raddb/modules/realm<br>including configuration file /usr/local/etc/raddb/modules/checkval<br>including configuration file /usr/local/etc/raddb/modules/linelog<br>including configuration file /usr/local/etc/raddb/modules/mac2vlan<br>including configuration file /usr/local/etc/raddb/modules/counter<br>including configuration file /usr/local/etc/raddb/modules/attr_filter<br>including configuration file /usr/local/etc/raddb/modules/preprocess<br>including configuration file /usr/local/etc/raddb/modules/logintime<br>including configuration file /usr/local/etc/raddb/modules/sradutmp<br>including configuration file /usr/local/etc/raddb/modules/inner-eap<br>including configuration file /usr/local/etc/raddb/modules/always<br>including configuration file /usr/local/etc/raddb/modules/mschap<br>including configuration file /usr/local/etc/raddb/modules/ippool<br>including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login<br>including configuration file /usr/local/etc/raddb/modules/passwd<br>including configuration file /usr/local/etc/raddb/modules/smbpasswd<br>including configuration file /usr/local/etc/raddb/modules/unix<br>including configuration file /usr/local/etc/raddb/modules/chap<br>including configuration file /usr/local/etc/raddb/modules/wimax<br>including configuration file /usr/local/etc/raddb/modules/krb5<br>including configuration file /usr/local/etc/raddb/modules/smsotp<br>including configuration file /usr/local/etc/raddb/modules/pap<br>including configuration file /usr/local/etc/raddb/modules/pam<br>including configuration file /usr/local/etc/raddb/modules/acct_unique<br>including configuration file /usr/local/etc/raddb/modules/detail.log<br>including configuration file /usr/local/etc/raddb/modules/cui<br>including configuration file /usr/local/etc/raddb/modules/ldap<br>including configuration file /usr/local/etc/raddb/modules/policy<br>including configuration file /usr/local/etc/raddb/modules/attr_rewrite<br>including configuration file /usr/local/etc/raddb/modules/radutmp<br>including configuration file /usr/local/etc/raddb/modules/detail.example.com<br>including configuration file /usr/local/etc/raddb/modules/sql_log<br>including configuration file /usr/local/etc/raddb/modules/otp<br>including configuration file /usr/local/etc/raddb/modules/echo<br>including configuration file /usr/local/etc/raddb/modules/etc_group<br>including configuration file /usr/local/etc/raddb/modules/digest<br>including configuration file /usr/local/etc/raddb/modules/detail<br>including configuration file /usr/local/etc/raddb/modules/mac2ip<br>including configuration file /usr/local/etc/raddb/modules/expr<br>including configuration file /usr/local/etc/raddb/modules/exec<br>including configuration file /usr/local/etc/raddb/modules/perl<br>including configuration file /usr/local/etc/raddb/modules/expiration<br>including configuration file /usr/local/etc/raddb/eap.conf<br>including configuration file /usr/local/etc/raddb/sql.conf<br>including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf<br>including configuration file /usr/local/etc/raddb/policy.conf<br>including files in directory /usr/local/etc/raddb/sites-enabled/<br>including configuration file /usr/local/etc/raddb/sites-enabled/control-socket<br>including configuration file /usr/local/etc/raddb/sites-enabled/default<br>including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel<br>including dictionary file /usr/local/etc/raddb/dictionary<br>main {<br>    prefix = "/usr/local"<br>    localstatedir = "/usr/local/var"<br>    logdir = "/usr/local/var/log/radius"<br>    libdir = "/usr/local/lib"<br>    radacctdir = "/usr/local/var/log/radius/radacct"<br>    hostname_lookups = no<br>    max_request_time = 30<br>    cleanup_delay = 5<br>    max_requests = 1024<br>    allow_core_dumps = no<br>    pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<br>    checkrad = "/usr/local/sbin/checkrad"<br>    debug_level = 0<br>    proxy_requests = yes<br> log {<br>    stripped_names = no<br>    auth = no<br>    auth_badpass = no<br>    auth_goodpass = no<br> }<br> security {<br>    max_attributes = 200<br>    reject_delay = 1<br>    status_server = yes<br> }<br>}<br>radiusd: #### Loading Realms and Home Servers ####<br> proxy server {<br>    retry_delay = 5<br>    retry_count = 3<br>    default_fallback = no<br>    dead_time = 120<br>    wake_all_if_all_dead = no<br> }<br> home_server localhost {<br>    ipaddr = 127.0.0.1<br>    port = 1812<br>    type = "auth"<br>    secret = "testing123"<br>    response_window = 20<br>    max_outstanding = 65536<br>    require_message_authenticator = no<br>    zombie_period = 40<br>    status_check = "status-server"<br>    ping_interval = 30<br>    check_interval = 30<br>    num_answers_to_alive = 3<br>    num_pings_to_alive = 3<br>    revive_interval = 120<br>    status_check_timeout = 4<br>    irt = 2<br>    mrt = 16<br>    mrc = 5<br>    mrd = 30<br> }<br> home_server_pool my_auth_failover {<br>    type = fail-over<br>    home_server = localhost<br> }<br> realm example.com {<br>    auth_pool = my_auth_failover<br> }<br> realm LOCAL {<br> }<br>radiusd: #### Loading Clients ####<br> client Netgear1 {<br>    ipaddr = 192.168.118.15<br>    require_message_authenticator = no<br>    secret = "kaffe"<br>    nastype = "other"<br> }<br> client Netgear2 {<br>    ipaddr = 192.168.118.25<br>    require_message_authenticator = no<br>    secret = "kaffe"<br>    nastype = "other"<br> }<br> client Mikrotik {<br>    ipaddr = 192.168.118.10<br>    require_message_authenticator = no<br>    secret = "kaffe"<br>    nastype = "other"<br> }<br> client localhost {<br>    ipaddr = 127.0.0.1<br>    require_message_authenticator = no<br>    secret = "testing123"<br>    nastype = "other"<br> }<br>radiusd: #### Instantiating modules ####<br> instantiate {<br> Module: Linked to module rlm_exec<br> Module: Instantiating exec<br>  exec {<br>    wait = no<br>    input_pairs = "request"<br>    shell_escape = yes<br>  }<br> Module: Linked to module rlm_expr<br> Module: Instantiating expr<br> Module: Linked to module rlm_expiration<br> Module: Instantiating expiration<br>  expiration {<br>    reply-message = "Password Has Expired  "<br>  }<br> Module: Linked to module rlm_logintime<br> Module: Instantiating logintime<br>  logintime {<br>    reply-message = "You are calling outside your allowed timespan  "<br>    minimum-timeout = 60<br>  }<br> }<br>radiusd: #### Loading Virtual Servers ####<br>server inner-tunnel {<br> modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_pap<br> Module: Instantiating pap<br>  pap {<br>    encryption_scheme = "auto"<br>    auto_header = no<br>  }<br> Module: Linked to module rlm_chap<br> Module: Instantiating chap<br> Module: Linked to module rlm_mschap<br> Module: Instantiating mschap<br>  mschap {<br>    use_mppe = yes<br>    require_encryption = yes<br>    require_strong = yes<br>    with_ntdomain_hack = no<br>  }<br> Module: Linked to module rlm_unix<br> Module: Instantiating unix<br>  unix {<br>    radwtmp = "/usr/local/var/log/radius/radwtmp"<br>  }<br> Module: Linked to module rlm_eap<br> Module: Instantiating eap<br>  eap {<br>    default_eap_type = "peap"<br>    timer_expire = 60<br>    ignore_unknown_eap_types = no<br>    cisco_accounting_username_bug = no<br>    max_sessions = 2048<br>  }<br> Module: Linked to sub-module rlm_eap_md5<br> Module: Instantiating eap-md5<br> Module: Linked to sub-module rlm_eap_leap<br> Module: Instantiating eap-leap<br> Module: Linked to sub-module rlm_eap_gtc<br> Module: Instantiating eap-gtc<br>   gtc {<br>    challenge = "Password: "<br>    auth_type = "PAP"<br>   }<br> Module: Linked to sub-module rlm_eap_tls<br> Module: Instantiating eap-tls<br>   tls {<br>    rsa_key_exchange = no<br>    dh_key_exchange = yes<br>    rsa_key_length = 512<br>    dh_key_length = 512<br>    verify_depth = 0<br>    pem_file_type = yes<br>    private_key_file = "/usr/local/etc/raddb/certs/server.pem"<br>    certificate_file = "/usr/local/etc/raddb/certs/server.pem"<br>    CA_file = "/usr/local/etc/raddb/certs/ca.pem"<br>    private_key_password = "kaffe"<br>    dh_file = "/usr/local/etc/raddb/certs/dh"<br>    random_file = "/usr/local/etc/raddb/certs/random"<br>    fragment_size = 1024<br>    include_length = yes<br>    check_crl = no<br>    cipher_list = "DEFAULT"<br>    make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"<br>    cache {<br>    enable = no<br>    lifetime = 24<br>    max_entries = 255<br>    }<br>   }<br>Generating a 2048 bit RSA private key<br>..........................+++<br>....................................................................................................................................................................................................+++<br>unable to write 'random state'<br>writing new private key to 'server.key'<br>-----<br>problems making Certificate Request<br>4098:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2<br>make: *** [server.csr] Error 1<br>Generating DH parameters, 1024 bit long safe prime, generator 2<br>This is going to take a long time<br>......................................................+.........+...................................................................+...................+......................................+...................................+...........................................................+...........................................................................+.............+........................+.......................................................................+........++*++*++*<br>unable to write 'random state'<br>Generating a 2048 bit RSA private key<br>.......+++<br>...........................................+++<br>unable to write 'random state'<br>writing new private key to 'server.key'<br>-----<br>problems making Certificate Request<br>4101:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2<br>Exec-Program output: openssl req -new  -out server.csr -keyout server.key -config ./server.cnf <br>Exec-Program-Wait: plaintext: openssl req -new  -out server.csr -keyout server.key -config ./server.cnf <br>Exec-Program: returned: 1<br>rlm_eap: Failed to initialize type tls<br>/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"<br>/usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".<br>/usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.<br><br>Thanks!<br><br>Best regards/ Peter<br>                                      <br /><hr />Windows Live: Make it easier for your friends to see  <a href='http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009' target='_new'>what you’re up to on Facebook.</a></body>
</html>