SSL Certificate Problem...

Bernd s4ndm4n at gmx.de
Fri Nov 2 10:14:27 CET 2007


So I made the changes you told me. I still cannot connect to my WLAN, but I
think that's because I have no certificates created or imported.

Debug Mode tells me this...

rad_recv: Accounting-Request packet from host 192.168.1.6:1028, id=16, length=161
        User-Name = "bnickaes"
        NAS-Identifier = "BBi5"
        Called-Station-Id = "00-19-cb-1f-66-2d:BBi WLAN test"
        Calling-Station-Id = "00-14-a5-3e-a8-ba"
        Acct-Status-Type = Stop
        Acct-Session-Id = "40000000016"
        Acct-Input-Octets = 1508
        Acct-Output-Octets = 0
        Acct-Input-Packets = 6
        Acct-Output-Packets = 0
        Acct-Delay-Time = 0
        Acct-Session-Time = 6
        Acct-Terminate-Cause = NAS-Request
        Acct-Input-Gigawords = 0
        Acct-Output-Gigawords = 0
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 32
  modcall[preacct]: module "preprocess" returns noop for request 32
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.1.6,NAS-IP-Address = 192.168.1.6,Acct-Session-Id = "40000000016",User-Name = "bnickaes"'
rlm_acct_unique: Acct-Unique-Session-ID = "c32063e973b8db95".
  modcall[preacct]: module "acct_unique" returns ok for request 32
    rlm_realm: No '@' in User-Name = "bnickaes", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[preacct]: module "suffix" returns noop for request 32
  modcall[preacct]: module "files" returns noop for request 32
modcall: leaving group preacct (returns ok) for request 32
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 32
radius_xlat:  '/var/log/radius/radacct/192.168.1.6/detail-20071102'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.1.6/detail-20071102
  modcall[accounting]: module "detail" returns ok for request 32
  modcall[accounting]: module "unix" returns noop for request 32
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'bnickaes'
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
  modcall[accounting]: module "radutmp" returns noop for request 32
radius_xlat:  'bnickaes'
rlm_sql (sql): sql_set_user escaped user --> 'bnickaes'
radius_xlat:  'UPDATE radacct           SET FramedIPAddress = '',
AcctSessionTime = '6',           AcctInputOctets = '1508',
AcctOutputOctets = '0', ?  AcctStopTime =
FROM_UNIXTIME(UNIX_TIMESTAMP(`AcctStartTime`) + `AcctSessionTime` )
WHERE UserName = 'bnickaes'           AND AcctStopTime= '0000-00-00
00:00:00' '
radius_xlat:  '/var/log/radius/sqltrace.sql'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query:  UPDATE radacct           SET FramedIPAddress = '',
AcctSessionTime = '6',           AcctInputOctets = '1508',
AcctOutputOctets = '0', ?  AcctStopTime =
FROM_UNIXTIME(UNIX_TIMESTAMP(`AcctStartTime`) + `AcctSessionTime` )
WHERE UserName = 'bnickaes'           AND AcctStopTime= '0000-00-00
00:00:00'
rlm_sql (sql): Released sql socket id: 3
  modcall[accounting]: module "sql" returns ok for request 32
modcall: leaving group accounting (returns ok) for request 32
Sending Accounting-Response of id 16 to 192.168.1.6 port 1028
Finished request 32

...and I think it's OK.

So I tried to create some certificates to get this finally done.

After I did what the "Tutorial for AD integration" told me about creating
self-signed certificates, I ran CA.all. I typed in all the information and saw this:


+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Using configuration from /etc/ssl/openssl.cnf
Error opening CA private key ./cakey.pem
5010:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('./cakey.pem','r')
5010:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
Error opening input file cert-srv.p12
cert-srv.p12: No such file or directory
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
5013:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('cert-srv.pem','r')
5013:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
unable to load certificate
+ echo -e '\n\t\t##################\n'

                ##################

Maybe my fault is trivial, but I'm really a little clobbered over the head
with all this at the moment and I just got one week to get it done.
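
The CA.all trace above can be read as a dependency chain. The following Python sketch is an added example, not part of the original post: it parses the `set -x` output (embedded here as constructed sample input, unwrapped and with the long error lines shortened) and separates the first failure from the ones that only follow from a file an earlier step never wrote. The function names are hypothetical.

```python
import re
import shlex

# Constructed sample: the post's CA.all trace, unwrapped; long error lines shortened.
TRACE = """
+ openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Error opening CA private key ./cakey.pem
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
Error opening input file newcert.pem
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever
Error opening input file cert-srv.p12
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
unable to load certificate
"""

FAILURE = re.compile(r"Error opening|unable to load|No such file")

def parse_trace(text):
    """Split shell xtrace output into (argv, output_lines) steps."""
    steps = []
    for line in text.splitlines():
        if line.startswith("+ "):            # xtrace marks each command with "+ "
            steps.append((shlex.split(line[2:]), []))
        elif steps and line.strip():         # anything else is that command's output
            steps[-1][1].append(line)
    return steps

def option_values(argv, names):
    """Return the argument following each occurrence of the given options."""
    return [argv[i + 1] for i, arg in enumerate(argv[:-1]) if arg in names]

def classify(steps):
    """Label each failed openssl step 'root' or 'cascade' (with the missing input)."""
    never_written = set()                    # -out files of steps that failed
    report = []
    for argv, output in steps:
        if argv[0] != "openssl" or not any(FAILURE.search(l) for l in output):
            continue
        inputs = option_values(argv, ("-in", "-inkey", "-infiles"))
        cause = next((f for f in inputs if f in never_written), None)
        report.append((argv[1], "cascade" if cause else "root", cause))
        never_written.update(option_values(argv, ("-out",)))
    return report

if __name__ == "__main__":
    for subcommand, kind, cause in classify(parse_trace(TRACE)):
        print(f"openssl {subcommand}: {kind}" + (f" (missing {cause})" if cause else ""))
```

On this trace only the `openssl ca` step is a root failure: it could not open `./cakey.pem`, and each later error names a file the preceding step never wrote.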





