missing config items on reinstall
I had installed openssl and freeradius (deb package) on Ubuntu 10.04, but had made a mess of things and decided to just purge everything and start over. Freeradius will not start now, because the symlinks and radiusd.conf file were not reproduced.: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/server.pem rlm_eap: Failed to initialize type tls I can copy over another .conf file and look at another server for the symlinks, but is there a way to fix this, without piecing things together, and preventing this from occurring in the future?
Hi,
rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/server.pem rlm_eap: Failed to initialize type tls
when you first run FreeRADIUS, if you havent made certs etc, then it will make certs for you....check the eap.conf config file and see the line make_cert_command = "${certdir}/bootstrap" once the system is running, it will assume that the required certs are in place...in your case you have deleted those...they either need to be put back/recovered...or, if they are self-signed testing ones, just run the bootstrap command again! alan
I would love to run the bootstrap command, but I get the "make all" error. Bootstrap did not exist till I copied it down from the web site. Should it work by copying the .cnf files to /certs, editing them, then running ./bootstrap ? ( I deleted all .csr and .key files) -----Original Message----- From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Sender: freeradius-users-bounces+admin=lctn.org@lists.freeradius.org Date: Tue, 15 Feb 2011 18:02:33 To: FreeRadius users mailing list<freeradius-users@lists.freeradius.org> Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: missing config items on reinstall Hi,
rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading certificate file /etc/freeradius/certs/server.pem rlm_eap: Failed to initialize type tls
when you first run FreeRADIUS, if you havent made certs etc, then it will make certs for you....check the eap.conf config file and see the line make_cert_command = "${certdir}/bootstrap" once the system is running, it will assume that the required certs are in place...in your case you have deleted those...they either need to be put back/recovered...or, if they are self-signed testing ones, just run the bootstrap command again! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Hi,
I would love to run the bootstrap command, but I get the "make all" error. Bootstrap did not exist till I copied it down from the web site. Should it work by copying the .cnf files to /certs, editing them, then running ./bootstrap ? ( I deleted all .csr and .key files)
debian? apt-get install build-essentials alan
Couldn't get "make" or ./bootstrap to work, even though I have build-essentials installed and am running commands as root. Plan B for simple eap (If you are getting certificate errors when starting freeradius): I know this is a hack, but it worked the first time for me. Remove all files and symlinks from /etc/freeradius/certs Download server.cnf, ca.cnf, and client.cnf from https://github.com/alandekok/freeradius-server Edit and copy to /etc/freeradius/certs. In /etc/freradius/certs, paste the following (or make script): openssl dhparam -out dh 1024 dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1; openssl req -new -out server.csr -keyout server.key -config ./server.cnf openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf touch index.txt echo '01' > serial openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` openssl verify -CAfile ca.pem server.pem openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der openssl req -new -out client.csr -keyout client.key -config ./client.cnf openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf Change password in /etc/freeradius/eap.conf to match others you just edited. Add client info to /etc/freeradius/client.conf Edit /etc/freeradius/users and add a user to the top of file (bob Cleartext-Password := "hello") Configure client (worked on Linux and IPod): (Linux wireless) Security: WPA &WPA2 Enterprise Authentication: Protected EAP (PEAP) CA: None PEAP Version: Automatic Inner Authentication: MSCHAPv2 Username: bob Password:hello Start freeradius (freeradius -X) Should be able to connect and login without any other changes
participants (3)
-
admin@lctn.org -
Alan Buxey -
Raymond Norton