Hi Alan! Thanks! I'm trying to remember where to look for the password in the eap module configuration. I'm guessing at this point that it's in clients.conf? Sorry, it's been almost 2 years since I set this up and tinkered with it. Question for you and the group. If we did Ubuntu updates on this server, could that have broken the freeradius configs/functionality? Appreciate everyones help and patience. =)
Alan DeKok <aland@deployingradius.com> 5/17/2019 9:59 AM >>> On May 17, 2019, at 9:52 AM, Chris Bradley <bradleyc@bcsc.k12.in.us> wrote:
We're suddenly having issues where Freeradius will not start. doing freeradius -X shows the list below the line.
Any ideas to help us get it working again? We set it up using an install guide so, we are very much newbs at using Freeradius.
FreeRADIUS doesn't suddenly change how it handles the certificates. So something else happened.
tls: Failed reading private key file "/etc/freeradius/certs/server.pem" tls: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
The private key file is protected by a password. That password is in the FreeRADIUS "eap" module configuration. It's passed to OpenSSL in order to decrypt the private key. If OpenSSL is returning "bad decrypt", then the password can't decrypt the key. There are a few possibilities: a) the password in the configuration file is wrong b) the key was re-encrypted with a different password You might need to re-generate the private key && certificate. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html