Alan, I feel extremely stupid even though I know I am not. Running radiusd -X command as a root gives me the following error message as I posted here yesterday; PS: I'm just posting last part of the output here. The full output can be seen at my previous email that I sent yesterday. ------------------------------------------------------------------------------------------------------------------------------- Module: Instantiating eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/raddb/certs/bootstrap" } rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem rlm_eap: Failed to initialize type tls /etc/raddb/eap.conf[17]: Instantiation failed for module "eap" /etc/raddb/sites-enabled/default[252]: Failed to find module "eap". /etc/raddb/sites-enabled/default[199]: Errors parsing authenticate section. } } Errors initializing modules comp-010:/home/srn # --------------------------------------------------------------------------------------------------------------------- It says a 'permission denied' and you asked me earlier if I was running the command as a root, which the answer is yes. So, how can I overcome this problem? Thank you George On Thu, May 1, 2008 at 11:50 AM, Alan DeKok <aland@deployingradius.com> wrote:
George KNIGHT wrote:
Yes, I run all the commands as a root. Is this wrong?
No.
When I run the bootstrap script, again, as a root, here is what I get;
<sigh> You said it had errors. You need to show what those errors are. Showing that it runs *without* errors doesn't help.
I will use the default certs for just testing purposes. Once I make this work with defaults ones, I will sure go ahead and create new certificates. But at this moment, all I want to see a working version of PEAP authentication in my test environment.
Follow the instructions. It WILL work.
- uncheck "validate server certificate" in Windows. - add username/password to FreeRADIUS as per the FAQ - start the server - verify that PEAP works.
That's what I do. It's not complicated. It doesn't require "special" knowledge or experience. It really *is* that easy.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html