Hi,
I installed freeradius to manage the wifi network of
our organization (17 wifi ap)
It works well when launched in command line (radiusd –X),
but I can’t make it work as a service,
‘Service radiusd start’ seems to work,
but radius close immediately after, so a status will say that radiusd is dead,
but subsys is locked.
Here is the output of the radius –X :
# radiusd -X
Starting - reading
configuration files ...
reread_config:
reading radiusd.conf
Config:
including file: /etc/raddb/proxy.conf
Config:
including file: /etc/raddb/clients.conf
Config:
including file: /etc/raddb/snmp.conf
Config: including
file: /etc/raddb/eap.conf
Config:
including file: /etc/raddb/sql.conf
main: prefix =
"/usr/local"
main:
localstatedir = "/usr/local/var"
main: logdir =
"/usr/local/var/log/radius"
main: libdir =
"/usr/local/lib"
main: radacctdir
= "/usr/local/var/log/radius/radacct"
main:
hostname_lookups = no
main:
max_request_time = 30
main:
cleanup_delay = 5
main:
max_requests = 1024
main:
delete_blocked_requests = 0
main: port = 1812
main:
allow_core_dumps = no
main:
log_stripped_names = no
main: log_file =
"/usr/local/var/log/radius/radius.log"
main: log_auth =
no
main:
log_auth_badpass = no
main:
log_auth_goodpass = no
main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
main: user =
"nobody"
main: group =
"nobody"
main: usercollide
= no
main: lower_user
= "no"
main: lower_pass
= "no"
main:
nospace_user = "no"
main:
nospace_pass = "no"
main: checkrad =
"/usr/local/sbin/checkrad"
main:
proxy_requests = yes
proxy:
retry_delay = 5
proxy:
retry_count = 3
proxy:
synchronous = no
proxy:
default_fallback = yes
proxy: dead_time
= 120
proxy:
post_proxy_authorize = yes
proxy:
wake_all_if_all_dead = no
security:
max_attributes = 200
security:
reject_delay = 1
security:
status_server = no
main: debug_level
= 0
read_config_files:
reading dictionary
read_config_files:
reading naslist
Using deprecated
naslist file. Support for this will go away soon.
read_config_files:
reading clients
read_config_files:
reading realms
listen: port = 1812
listen: type = "auth"
listen: port = 1813
listen: type = "acct"
radiusd: entering
modules setup
Module: Library
search path is /usr/local/lib
Module: Loaded
exec
exec: wait = yes
exec: program =
"(null)"
exec: input_pairs
= "request"
exec:
output_pairs = "(null)"
exec: packet_type
= "(null)"
rlm_exec: Wait=yes
but no output defined. Did you mean output=none?
Module:
Instantiated exec (exec)
Module: Loaded
expr
Module:
Instantiated expr (expr)
Module: Loaded
System
unix: cache = no
unix: passwd =
"(null)"
unix: shadow =
"(null)"
unix: group =
"(null)"
unix: radwtmp =
"/usr/local/var/log/radius/radwtmp"
unix: usegroup =
no
unix:
cache_reload = 600
Module:
Instantiated unix (unix)
Module: Loaded eap
eap:
default_eap_type = "tls"
eap: timer_expire
= 60
eap:
ignore_unknown_eap_types = yes
eap:
cisco_accounting_username_bug = no
tls:
rsa_key_exchange = no
tls:
dh_key_exchange = yes
tls:
rsa_key_length = 512
tls:
dh_key_length = 512
tls: verify_depth
= 0
tls: CA_path =
"(null)"
tls:
pem_file_type = yes
tls:
private_key_file = "/etc/raddb/certs/wifi.dasilva.int.pem"
tls:
certificate_file = "/etc/raddb/certs/wifi.dasilva.int.pem"
tls: CA_file =
"/etc/raddb/certs/root.pem"
tls:
private_key_password = "whatever"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls:
fragment_size = 1024
tls:
include_length = yes
tls: check_crl =
no
tls:
check_cert_cn = "(null)"
rlm_eap: Loaded
and initialized type tls
peap:
default_eap_type = "tls"
peap:
copy_request_to_tunnel = no
peap:
use_tunneled_reply = no
peap:
proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded
and initialized type peap
Module:
Instantiated eap (eap)
Module: Loaded
preprocess
preprocess:
huntgroups = "/etc/raddb/huntgroups"
preprocess: hints
= "/etc/raddb/hints"
preprocess:
with_ascend_hack = no
preprocess:
ascend_channels_per_line = 23
preprocess:
with_ntdomain_hack = no
preprocess:
with_specialix_jetstream_hack = no
preprocess:
with_cisco_vsa_hack = no
Module: Instantiated
preprocess (preprocess)
Module: Loaded
detail
detail:
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail:
detailperm = 384
detail: dirperm =
493
detail: locking =
no
Module:
Instantiated detail (auth_log)
Module: Loaded
files
files: usersfile
= "/etc/raddb/users"
files:
acctusersfile = "/etc/raddb/acct_users"
files:
preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat =
"no"
Module:
Instantiated files (files)
Module: Loaded
Acct-Unique-Session-Id
acct_unique: key
= "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
Module:
Instantiated acct_unique (acct_unique)
Module: Loaded
realm
realm: format =
"suffix"
realm: delimiter
= "@"
realm:
ignore_default = no
realm:
ignore_null = no
Module:
Instantiated realm (suffix)
detail:
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail:
detailperm = 384
detail: dirperm =
493
detail: locking =
no
Module:
Instantiated detail (detail)
Module: Loaded
radutmp
radutmp: filename
= "/usr/local/var/log/radius/radutmp"
radutmp: username
= "%{User-Name}"
radutmp:
case_sensitive = yes
radutmp:
check_with_nas = yes
radutmp: perm =
384
radutmp: callerid
= yes
Module:
Instantiated radutmp (radutmp)
Listening on
authentication *:1812
Listening on
accounting *:1813
Ready to process
requests.
I don’t see any errors in that, and I can’t
seem to find a solution via google.
Fiy, the identification is done by certificates.
Nicolas INNOCENT
Resp. Informatique Groupe Da Silva
-----------------------------------------------------
Tél : 05 62 20 41 31
Fax : 05 62 20 60 04
@ : sysadmin@groupe-dasilva.com
Site web : http://www.dasilva.fr/
-----------------------------------------------------