Ivan Kalik,

>>I should note that in my radiusd.conf file, I'm not including "eap.conf" nor "sites-enabled/", but other than that I have all default settings.

>Well done! By removing /sites-enabled you have stopped the server from
>processing all As from AAA (authentication, authorization and
>accounting) in one masterfull stroke. Now put everything back as it was.

Thanks for the reply.  I didn't realize disabling sites-enabled would disable all AAA services.

Running radiusd -X as root with default settings gives errors related to EAP and Diffie-Hellman.  I'm running the x64 package from openSUSE 11.1 (FreeRADIUS 2.1.1).  I have OpenSSL 0.9.8h installed.

The radiusd -X output is listed below.  Thanks for any comments on this.

Will


gcwifi-auth-vm:~ # radiusd -X
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec  3 2008 at 13:57:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.  
Starting - reading configuration files ...  
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf  
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/pam 
including configuration file /etc/raddb/modules/pap 
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/radutmp 
including configuration file /etc/raddb/modules/counter 
including configuration file /etc/raddb/modules/acct_unique 
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/linelog 
including configuration file /etc/raddb/modules/detail.example.com  
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/sql_log 
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/always  
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/detail  
including configuration file /etc/raddb/modules/digest  
including configuration file /etc/raddb/modules/ippool  
including configuration file /etc/raddb/modules/mac2ip  
including configuration file /etc/raddb/modules/mschap  
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/passwd  
including configuration file /etc/raddb/modules/policy  
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/preprocess  
including configuration file /etc/raddb/modules/attr_filter 
including configuration file /etc/raddb/modules/detail.log  
including configuration file /etc/raddb/modules/expiration  
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf  
including configuration file /etc/raddb/policy.conf 
including files in directory /etc/raddb/sites-enabled/  
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel  
group = radiusd 
user = radiusd  
including dictionary file /etc/raddb/dictionary 
main {  
        prefix = "/usr" 
        localstatedir = "/var"  
        logdir = "/var/log/radius"  
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"  
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024 
        allow_core_dumps = no
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad" 
        debug_level = 0 
        proxy_requests = yes
 log {  
        stripped_names = no 
        auth = no
        auth_badpass = no
        auth_goodpass = no  
 }  
 security { 
        max_attributes = 200
        reject_delay = 1
        status_server = yes 
 }  
}
 client localhost { 
        ipaddr = 127.0.0.1  
        require_message_authenticator = no  
        secret = "testing123"
        nastype = "other"
 }  
radiusd: #### Loading Realms and Home Servers ####  
 proxy server { 
        retry_delay = 5 
        retry_count = 3 
        default_fallback = no
        dead_time = 120 
        wake_all_if_all_dead = no
 }  
 home_server localhost {
        ipaddr = 127.0.0.1  
        port = 1812 
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536 
        zombie_period = 40  
        status_check = "status-server"  
        ping_interval = 30  
        check_interval = 30 
        num_answers_to_alive = 3
        num_pings_to_alive = 3  
        revive_interval = 120
        status_check_timeout = 4
 }  
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost 
 }  
 realm example.com {
        auth_pool = my_auth_failover
 }  
 realm LOCAL {  
 }  
radiusd: #### Instantiating modules ####
 instantiate {  
 Module: Linked to module rlm_exec  
 Module: Instantiating exec 
  exec {
        wait = no
        input_pairs = "request" 
        shell_escape = yes  
  } 
 Module: Linked to module rlm_expr  
 Module: Instantiating expr 
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {  
        reply-message = "Password Has Expired  "
  } 
 Module: Linked to module rlm_logintime 
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  } 
 }  
radiusd: #### Loading Virtual Servers ####  
server inner-tunnel {
 modules {  
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap  
  pap { 
        encryption_scheme = "auto"  
        auto_header = no
  } 
 Module: Linked to module rlm_chap  
 Module: Instantiating chap 
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {  
        use_mppe = yes  
        require_encryption = no 
        require_strong = no 
        with_ntdomain_hack = no 
  } 
 Module: Linked to module rlm_unix  
 Module: Instantiating unix 
  unix {
        radwtmp = "/var/log/radius/radwtmp" 
  } 
 Module: Linked to module rlm_eap
 Module: Instantiating eap  
  eap { 
        default_eap_type = "md5"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no  
        max_sessions = 2048 
  } 
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5  
 Module: Linked to sub-module rlm_eap_leap  
 Module: Instantiating eap-leap 
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc  
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls  
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512 
        verify_depth = 0
        pem_file_type = yes 
        private_key_file = "/etc/raddb/certs/server.pem"
        certificate_file = "/etc/raddb/certs/server.pem"
        CA_file = "/etc/raddb/certs/ca.pem" 
        private_key_password = "whatever"
        dh_file = "/etc/raddb/certs/dh" 
        random_file = "/etc/raddb/certs/random" 
        fragment_size = 1024
        include_length = yes
        check_crl = no  
        cipher_list = "DEFAULT" 
        make_cert_command = "/etc/raddb/certs/bootstrap"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
........+.........................................+...+  // etc.
unable to write 'random state'
dh: Permission denied
make: *** [dh] Error 1
Exec-Program output: openssl dhparam -out dh 1024
Exec-Program-Wait: plaintext: openssl dhparam -out dh 1024
Exec-Program: returned: 2
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
 }
}
Errors initializing modules