Hello!I'm OrgacK and this is my first post. I'm try to configure my own radius server for my house but before a lot of attempts I haven't got it. I always obtain same error: Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap_tls: Loading the certificate file as a chain rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading Trusted root CA list rlm_eap: Failed to initialize type tls radiusd.conf[10]: eap: Module instantiation failed. radiusd.conf[1897] Unknown module "eap". radiusd.conf[1844] Failed to parse authenticate section. I think about the CA, server certificates and client certificates are created correctly. I don't know what i can do, have somebody any idea? PD: Sorry I'm Spanish and my English isn't very good. Greeting
Hi,
rlm_eap_tls: Loading the certificate file as a chain rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading Trusted root CA list rlm_eap: Failed to initialize type tls
it cant load the certificate file. please post your eap.conf alan
Hi,
rlm_eap_tls: Loading the certificate file as a chain rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading Trusted root CA list rlm_eap: Failed to initialize type tls
it cant load the certificate file. please post your eap.conf
alan
This is my eap.conf, I have omited some comments eap { default_eap_type = tls timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { #challenge = "Password: " auth_type = PAP } tls { private_key_password = ****** # have I to put the server pass phrase here? private_key_file = ${raddbdir}/certs/server_keycert.pem certificate_file = ${raddbdir}/certs/server_keycert.pem # Trusted Root CA list CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes # check_crl = yes # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" # check_cert_cn = %{User-Name} # cipher_list = "DEFAULT" } #ttls { # default_eap_type = md5 # copy_request_to_tunnel = no # use_tunneled_reply = no #} peap { default_eap_type = mschapv2 # copy_request_to_tunnel = no # use_tunneled_reply = no # proxy_tunneled_request_as_eap = yes } mschapv2 { } }
Hi,
tls { private_key_password = ****** # have I to put the server pass phrase here?
yes. the pass phrase goes there.
private_key_file = ${raddbdir}/certs/server_keycert.pem certificate_file = ${raddbdir}/certs/server_keycert.pem
# Trusted Root CA list CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random
all of these files mentioned exist and are readable by the radiusd process? alan
all of these files mentioned exist and are readable by the radiusd process?
Yes, all of them have "chmod 777" just in case. The contents of server_keycert.pem and cacert.pem is the following: server_keycert.pem: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,**************** **************************************************************** **************************************************************** **************************************************************** **************************************************************** **************************************************************** -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- **************************************************************** **************************************************************** **************************************************************** **************************************************************** **************************************************************** -----END CERTIFICATE----- cacert.pem: Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha1WithRSAEncryption Issuer: * Validity Not Before: Sep 19 22:17:43 2006 GMT Not After : Sep 18 22:17:43 2009 GMT Subject: * Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): * Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: * X509v3 Authority Key Identifier: * Signature Algorithm: sha1WithRSAEncryption * -----BEGIN CERTIFICATE----- **************************************************************** **************************************************************** **************************************************************** **************************************************************** **************************************************************** -----END CERTIFICATE-----
Hi everybody, I have a little problem with regular expression on Ldap-Group attribute. In the radiusd.conf I have : regular_expressions = yes extended_expressions = yes In the users file I have rule like this : DEFAULT Huntgroup-Name == "clietn802.x", Realm =="NULL", Ldap-Group =~ "^interne(.*)", Autz-Type := ldap In my test this rule must be matched but it's not the case.... If anybody have an idea?, Please! thanks in advance. ___________________________________________________________________________ Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. http://fr.answers.yahoo.com
Hi, hm, the _full_ debugging output (-X as has been time and time again been mentioned here, faq, etc.) would show, where exactly freeradius wants to read that file. "No such file or directory" does point pretty strong into the direction of the problem one would think. regards K. Hoercher
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
K. Hoercher -
listas -
Mitaine Yoann