Hi, All,
I am a graduate student in
I've generated the necessary CA files by openssl and done
all necessary settings in FreeRadius. For more detailed operations and
settings, please refer to the list below.
Operations and Settings on openssl and freeradius,
1, installed openssl-0.9.7-stable-SNAP-20060731, which is
downloaded from www.openssl.org.
2, completed the necessary settings in openssl, which is
locaed in /usr/local/openssl/ssl.
3, installed freeradius-1.1.0, which is download from
www.freeradius.org.
4, modified some settings in CA.all, which is located in
/usr/src/802/radius/freeradius-1.1.0/scripts, and run it to generated the CA
certificates for server, client as well as root.
5, added a NAS entry in clients.conf.
6, added a user entry in users.
7, started the radius server with the command
"./radiusd -X" normally.
8, with default settings in radius.conf, star freeradius
successfully, and it can accept the authentication-request from Windows XP
client and return the authentication-accept message. This authentication
request should belong to EAP-MD5, and the radius server could respond it
correctly by default-settings.
---- the operations below are for realization of EAP-TLS
----
9, copied the newly generated certificates files to the
place so that the freeradius could find them. In my case, I moved them to
/usr/local/radius/etc/raddb/certs as well as its subfolder /demoCA.
10, added a new user entry in users, which includes only the
username attribute because it is said that EAP-TLS would automatically identify
its password and other attributes from somewhere.
11, modified the default auth type to 'tls' in eap.conf.
12, uncommented all scripts related to EAP-TLS
authentication in eap.conf, including modification of path to the certificate
files in /usr/local/radius/etc/raddb/certs as well as ./demoCA.
13, tried to start the radius server with the command
"./radiusd -X", but the error message below was returned always.
**** log from terminal of linux where freeradius is running
****
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file =
"/usr/local/radius/etc/raddb/certs/cert-srv.pem"
tls: certificate_file =
"/usr/local/radius/etc/raddb/certs/cert-srv.pem"
tls: CA_file =
"/usr/local/radius/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file =
"/usr/local/radius/etc/raddb/certs/dh"
tls: random_file =
"/usr/local/radius/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "%{User-Name}"
rlm_eap_tls: Loading the certificate file as a chain
Segmentation fault
**** the end of log ****
Now I worried that there is something wrong in the
cert-srv.pem. I will appreciate all of you so much if anyone can help me take a
look at these certificate files.
I attached all of configuration files in the freeradius
folder. Please refer to them if needed. Looking forward to your reply. Thanks a
lot,
Best wishes,
Yan