hi i ve a problem with the eap module, i think its a problem with the certificate... but i used the CA.all script from freeradius... freeradius:~# freeradius -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/freeradius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "/path/to/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/lbs-certs/priv-srv.pem" tls: certificate_file = "/etc/lbs-certs/cert-srv.pem" tls: CA_file = "/usr/src/802/radius/freeradius-snapshot-20060227/scripts/demoCA/cacert.pem" tls: private_key_password = "lbsbz23kliu87nfgqeq3" tls: dh_file = "/etc/lbs-certs/dh" tls: random_file = "/dev/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" 17062:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:454: 17062:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425: 17062:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669: rlm_eap_tls: Error reading private key file rlm_eap: Failed to initialize type tls radiusd.conf[9]: eap: Module instantiation failed.
Hi,
tls: private_key_file = "/etc/lbs-certs/priv-srv.pem" tls: certificate_file = "/etc/lbs-certs/cert-srv.pem" tls: CA_file = "/usr/src/802/radius/freeradius-snapshot-20060227/scripts/demoCA/cacert.pem" tls: private_key_password = "xxxxxxxxxxxxxxxxxxxx"
wasnt sure if that was your passphrase...so obfuscated. are you sure you're using the correct passphrase...as if you used the CA.all script without changes then the passphrase will be the default phrase. also, by default you find that the private-key and the certificate file are the one and same pem file...you seem to pulling in two different files. the CA_File is generally just a .crt rather than the pem too. SSL is fun :-) alan
A.L.M.Buxey@lboro.ac.uk schrieb:
Hi,
tls: private_key_file = "/etc/lbs-certs/priv-srv.pem" tls: certificate_file = "/etc/lbs-certs/cert-srv.pem" tls: CA_file = "/usr/src/802/radius/freeradius-snapshot-20060227/scripts/demoCA/cacert.pem" tls: private_key_password = "xxxxxxxxxxxxxxxxxxxx"
wasnt sure if that was your passphrase...so obfuscated. are you sure you're using the correct passphrase...as if you used the CA.all script without changes then the passphrase will be the default phrase. also, by default you find that the private-key and the certificate file are the one and same pem file...you seem to pulling in two different files. the CA_File is generally just a .crt rather than the pem too.
SSL is fun :-)
yes ssl, is fun :-) now i have another problem, it seems that the the peap module isnt loading... because when i will compile ./configure rlm_eap_tls or other ssl modules he says me that iv not installed openssl but i have installed it. whats the problem??? /usr/local/openssl i compiled it by myself... its openssl-0.9.8a, and later ive installed with apt-get but the same error...
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
now i have another problem, it seems that the the peap module isnt loading... because when i will compile ./configure rlm_eap_tls or other ssl modules he says me that iv not installed openssl but i have installed it. whats the problem??? /usr/local/openssl i compiled it by myself... its openssl-0.9.8a, and later ive installed with apt-get but the same error...
when its says 'openssl not installed' during compiling...it generally means that it cannot find the development include files etc. if you've installed openssl by hand, you must ensure you have also installed the development stuff ..and that those are in the include path (either add to the required PATHs or use ./configure correctly ... ./configure --help ) . if using packages, then you must ensure openssl-devel package is installed. you may need to re-run make clean, ./configure etc etc after making such changes. alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Konne