Hi. I'm istalling freeradius on a debian machine, with OpenSSL 0.9.8d 28 Sep 2006, but i'm having some problems (i'm a newbie in radius) eap.conf eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no #md5 { #} #leap { #} #gtc { # challenge = "Password: " # auth_type = PAP #} # To generate ctest certificates, run the script # ../scripts/certs.sh # http://www.dslreports.com/forum/remark,9286052~mode=flat tls { private_key_password = radiusUDP private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes check_crl = yes check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" check_cert_cn = %{User-Name} cipher_list = "DEFAULT" } #ttls { #default_eap_type = peap #copy_request_to_tunnel = no #use_tunneled_reply = no #} peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes } mschapv2 { } } radius.conf can be downloaded here<http://200.14.84.251/%7Edromero/radiusd.conf> The log: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "radiusUDP" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = yes tls: check_cert_cn = "%{User-Name}" tls: cipher_list = "DEFAULT" tls: check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line rlm_eap_tls: Error reading private key file rlm_eap: Failed to initialize type tls radiusd.conf[1]: eap: Module instantiation failed. radiusd.conf[398] Unknown module "eap". radiusd.conf[381] Failed to parse authenticate section. Help!!! ;)
Daniel Romero wrote:
I'm istalling freeradius on a debian machine, with OpenSSL 0.9.8d 28 Sep 2006, but i'm having some problems (i'm a newbie in radius)
eap.conf
...
tls { private_key_password = radiusUDP private_key_file = ${raddbdir}/certs/cert- srv.pem
Are you sure? The space looks suspicious. Alan DeKok. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
First question. Did you install from source, did you create your own binaries, or did you use debian provided binaries. Debian provided Binaries do not include SSL support. (Violation of SSL license terms I believe) Creating your own binaries are easily done http://wiki.freeradius.org/Build#Building_Debian_packages ________________________________ Hi. I'm istalling freeradius on a debian machine, with OpenSSL 0.9.8d 28 Sep 2006, but i'm having some problems (i'm a newbie in radius)
Hi. freeradius fully compiled on my machine... The problem was solved... i't was a misstyped secret on the key. But now there is another problem: the suplicant send the access-request and freeradius anwer with a Access-Challenge, but the handshake stop here: rad_recv: Access-Request packet from host 192.168.100.185:1086, id=0, length=202 Message-Authenticator = 0x38acd1df3dc52ea08db48df987a4eb1f Service-Type = Framed-User User-Name = "dromero" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-18-62-00:RadiusLab" Calling-Station-Id = "00-0E-6A-9B-86-20" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000c0164726f6d65726f NAS-IP-Address = 192.168.100.185 NAS-Port = 1 NAS-Port-Id = "STA port # 1" rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 Sending Access-Challenge id=0 (to id=2) . . . Sending Access-Challenge of id 3 to 192.168.100.185 port 1084 Framed-IP-Address := 192.168.100.210 Framed-IP-Netmask := 255.255.255.255 Framed-Protocol := PPP Service-Type := Framed-User Framed-Compression := Van-Jacobson-TCP-IP EAP-Message = 0x010400061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdaa73e4eb46715230e0f671b850c7224 and stop... any ideas? On 11/29/06, King, Michael <MKing@bridgew.edu> wrote:
First question. Did you install from source, did you create your own binaries, or did you use debian provided binaries.
Debian provided Binaries do not include SSL support. (Violation of SSL license terms I believe)
Creating your own binaries are easily done
http://wiki.freeradius.org/Build#Building_Debian_packages
________________________________
Hi.
I'm istalling freeradius on a debian machine, with OpenSSL 0.9.8d 28 Sep 2006, but i'm having some problems (i'm a newbie in radius)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Daniel Romero wrote:
But now there is another problem: the suplicant send the access-request and freeradius anwer with a Access-Challenge, but the handshake stop here:
See the FAQ. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
Daniel Romero -
King, Michael