Hi, I m running freeRADIUS 1.1.2. Trying to run it for PEAP authentication and made few changes in radiusd.conf,eap.conf & users files in /usr/local/etc/raddb/ directory. on running freeradius in debugging mode by typing "radiusd -x" on command prompt it gives this output: [root@localhost ~]# radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap_tls: Loading the certificate file as a chain rlm_eap: SSL error error:0200100E:system library:fopen:Bad address rlm_eap_tls: Error reading certificate file rlm_eap: Failed to initialize type tls radiusd.conf [10]: eap: Module instantiation failed. radiusd.conf[1920] Unknown module "eap". radiusd.conf[1867] Failed to parse authenticate section. I am attaching radiusd.conf,clients.conf,eap.conf and users files here. Plz tell me also how to mention network in clients.conf. Do i need to install openssl before running freeradius server? I m pasting my files below here: xxxxxxxxxxxx radiusd.conf xxxxxxxxxxxx ## radiusd.conf -- FreeRADIUS server configuration file. prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct # Location of config and logfiles. confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid #user = nobody #group = nobody # max_request_time: The maximum time (in seconds) to handle a request. # # Useful range of values: 5 to 120 # max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no # The program to execute to do concurrency checks. checkrad = ${sbindir}/checkrad # SECURITY CONFIGURATION security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = yes $INCLUDE ${confdir}/proxy.conf # CLIENTS CONFIGURATION $INCLUDE ${confdir}/clients.conf # SNMP CONFIGURATION snmp = no $INCLUDE ${confdir}/snmp.conf # THREAD POOL CONFIGURATION thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } # MODULE CONFIGURATION modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 radwtmp = ${logdir}/radwtmp } # Extensible Authentication Protocol $INCLUDE ${confdir}/eap.conf # Microsoft CHAP authentication mschap { authtype = MS-CHAP #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } # Lightweight Directory Access Protocol (LDAP) ldap { server = "ldap.your.domain" # identity = "cn=admin,o=My Org,c=UA" # password = mypass basedn = "o=My Org,c=UA" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" # base_filter = "(objectclass=radiusprofile)" start_tls = no access_attr = "dialupAccess" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" # groupmembership_attribute = radiusGroupName timeout = 4 timelimit = 3 net_timeout = 1 } #} #} realm IPASS { format = prefix delimiter = "/" ignore_default = no ignore_null = no } # 'username@realm' # realm suffix { format = suffix delimiter = "@" ignore_default = no ignore_null = no } # 'username%realm' # realm realmpercent { format = suffix delimiter = "%" ignore_default = no ignore_null = no } # # 'domain\user' # realm ntdomain { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } # checkval { # The attribute to look for in the request item-name = Calling-Station-Id # The attribute to look for in check items. Can be multi valued check-name = Calling-Station-Id data-type = string } #} preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no # H323-Attribute = "value" with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 #suppress { # User-Password #} } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp # # You may want instead: %{Stripped-User-Name:-%{User-Name}} username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } sqlcounter dailycounter { counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { # allowed values: {no, yes} wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } # Instantiation instantiate { exec expr } authorize { preprocess chap mschap suffix eap files } # Authentication. authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } unix # } eap } preacct { preprocess acct_unique suffix files } accounting { detail unix radutmp } session { radutmp } post-auth { # } } pre-proxy { } post-proxy { eap } xxxxxxxxxxxxxxradiusd.conf ends here xxxxxxxxxxxxxxxxx xxxxxxxxxxxxxx eap.conf xxxxxxxxxxxxx ap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = yes cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh # random_file = ${raddbdir}/certs/random # fragment_size = 1024 # include_length = yes # check_crl = yes # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" # check_cert_cn = %{User-Name} # } peap { default_eap_type = mschapv2 } mschapv2 { } } xxxxxxxxxxxxxxxxx eap.conf ends here xxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxx clients.conf xxxxxxxxxxx # # clients.conf - client configuration directives client 127.0.0.1 { secret = testing123 shortname = localhost nastype = other # localhost isn't usually a NAS... } #client 192.168.0.0/24 { # secret = testing123-1 # shortname = private-network-1 #} # #client 192.168.0.0/16 { # secret = testing123-2 # shortname = private-network-2 #} xxxxxxxxxxxxxxx clients.conf ends here xxxxxxxxxxxxxxxx xxxxxxxxx users xxxxxxxxx "testuser" User-Password == "testing" Reply-Message = "Hello, %u" DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "SLIP" Framed-Protocol = SLIP xxxxxxxxxx users file ends here xxxxxxxxxxxxxxxxx can anybody suggest me how to make it work(what modifications i need to do) -- Regards Pradeep Singh