SSL Certificate Problem...

tnt at kalik.co.yu
Fri Nov 2 13:14:43 CET 2007


http://lists.freeradius.org/pipermail/freeradius-users/2007-October/066981.html

Ivan Kalik
Kalik Informatika ISP


On 2/11/2007, "Bernd" <s4ndm4n at gmx.de> wrote:

>So I did the changes you told me. I can still not connect to my WLAN, but I
>think that's because I have no certificates created or imported.
>
>Debug Mode tells me this...
>
>rad_recv: Accounting-Request packet from host 192.168.1.6:1028, id=16,
>length=161
>        User-Name = "bnickaes"
>        NAS-Identifier = "BBi5"
>        Called-Station-Id = "00-19-cb-1f-66-2d:BBi WLAN test"
>        Calling-Station-Id = "00-14-a5-3e-a8-ba"
>        Acct-Status-Type = Stop
>        Acct-Session-Id = "40000000016"
>        Acct-Input-Octets = 1508
>        Acct-Output-Octets = 0
>        Acct-Input-Packets = 6
>        Acct-Output-Packets = 0
>        Acct-Delay-Time = 0
>        Acct-Session-Time = 6
>        Acct-Terminate-Cause = NAS-Request
>        Acct-Input-Gigawords = 0
>        Acct-Output-Gigawords = 0
>  Processing the preacct section of radiusd.conf
>modcall: entering group preacct for request 32
>  modcall[preacct]: module "preprocess" returns noop for request 32
>rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request,
>unique ID MAY be inconsistent
>rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.1.6,NAS-IP-Address =
>192.168.1.6,Acct-Session-Id = "40000000016",User-Name = "bnickaes"'
>rlm_acct_unique: Acct-Unique-Session-ID = "c32063e973b8db95".
>  modcall[preacct]: module "acct_unique" returns ok for request 32
>    rlm_realm: No '@' in User-Name = "bnickaes", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[preacct]: module "suffix" returns noop for request 32
>  modcall[preacct]: module "files" returns noop for request 32
>modcall: leaving group preacct (returns ok) for request 32
>  Processing the accounting section of radiusd.conf
>modcall: entering group accounting for request 32
>radius_xlat:  '/var/log/radius/radacct/192.168.1.6/detail-20071102'
>rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
>expands to /var/log/radius/radacct/192.168.1.6/detail-20071102
>  modcall[accounting]: module "detail" returns ok for request 32
>  modcall[accounting]: module "unix" returns noop for request 32
>radius_xlat:  '/var/log/radius/radutmp'
>radius_xlat:  'bnickaes'
>  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
>  rlm_radumtp: WARNING: checkrad will probably not work!
>  modcall[accounting]: module "radutmp" returns noop for request 32
>radius_xlat:  'bnickaes'
>rlm_sql (sql): sql_set_user escaped user --> 'bnickaes'
>radius_xlat:  'UPDATE radacct           SET FramedIPAddress = '',
>AcctSessionTime = '6',           AcctInputOctets = '1508',
>AcctOutputOctets = '0', ?  AcctStopTime =
>FROM_UNIXTIME(UNIX_TIMESTAMP(`AcctStartTime`) + `AcctSessionTime` )
>WHERE UserName = 'bnickaes'           AND AcctStopTime= '0000-00-00
>00:00:00' '
>radius_xlat:  '/var/log/radius/sqltrace.sql'
>rlm_sql (sql): Reserving sql socket id: 3
>rlm_sql_mysql: query:  UPDATE radacct           SET FramedIPAddress = '',
>AcctSessionTime = '6',           AcctInputOctets = '1508',
>AcctOutputOctets = '0', ?  AcctStopTime =
>FROM_UNIXTIME(UNIX_TIMESTAMP(`AcctStartTime`) + `AcctSessionTime` )
>WHERE UserName = 'bnickaes'           AND AcctStopTime= '0000-00-00
>00:00:00'
>rlm_sql (sql): Released sql socket id: 3
>  modcall[accounting]: module "sql" returns ok for request 32
>modcall: leaving group accounting (returns ok) for request 32 Sending
>Accounting-Response of id 16 to 192.168.1.6 port 1028 Finished request 32
>
>....and I think it's OK.
>
>So I tried to create some certificates to get this finally done.
>
>After I did what "Tutorial for AD integration" told me about creating
>self-signed certificates I ran CA.all. So I type in all information and see this:
>
>
>+ openssl ca -policy policy_anything -out newcert.pem -passin
>+ pass:whatever -key whatever -extensions xpserver_ext -extfile
>+ xpextensions -infiles newreq.pem
>Using configuration from /etc/ssl/openssl.cnf Error opening CA private key
>../cakey.pem 5010:error:02001002:system library:fopen:No such file or
>directory:bss_file.c:352:fopen('./cakey.pem','r')
>5010:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
>unable to load CA private key
>+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out
>+ cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
>Error opening input file newcert.pem
>newcert.pem: No such file or directory
>+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin
>+ pass:whatever -passout pass:whatever
>Error opening input file cert-srv.p12
>cert-srv.p12: No such file or directory
>+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out
>+ cert-srv.der
>Error opening Certificate cert-srv.pem
>5013:error:02001002:system library:fopen:No such file or
>directory:bss_file.c:352:fopen('cert-srv.pem','r')
>5013:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
>unable to load certificate
>+ echo -e '\n\t\t##################\n'
>
>                ##################
>
>Maybe my fault is trivial, but I'm really a little clobbered over the head
>with all this at the moment and I just got one week to get it done.
>
>
>
>
>
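The trace in the quoted post contains one real failure followed by its consequences: each `openssl` step reads the file the previous step was meant to write. As an added example (not part of the original thread and not FreeRADIUS code), this Python function separates the root cause from the cascade. It assumes one traced command per `+ ` line, and `TRACE` is a constructed, abbreviated copy of the post's output with the password arguments left out.

```python
import os
import re
import shlex

# Constructed sample: an abbreviated `sh -x` trace modelled on the one in the
# post, with each traced command on a single line (an assumption; the mail
# client wrapped the original lines).
TRACE = """\
+ openssl ca -policy policy_anything -out newcert.pem -extensions xpserver_ext -extfile xpextensions -infiles newreq.pem
Error opening CA private key ./cakey.pem
unable to load CA private key
+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts
Error opening input file newcert.pem
newcert.pem: No such file or directory
+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem
Error opening input file cert-srv.p12
+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der
Error opening Certificate cert-srv.pem
unable to load certificate
+ echo done
"""

# The file name is the last token on an "Error opening ..." line.
MISSING = re.compile(r"^Error opening .*?(\S+)$")


def triage(trace):
    """Return [(command, missing_file, verdict)] for every failed step."""
    findings, never_written, cmd, out = [], set(), None, None
    for line in trace.splitlines():
        if line.startswith("+ "):            # a new traced command begins
            argv = shlex.split(line[2:])
            cmd = " ".join(argv[:2])
            out = argv[argv.index("-out") + 1] if "-out" in argv else None
            continue
        m = MISSING.match(line)
        if m and cmd:
            missing = os.path.basename(m.group(1))
            # A file that an earlier failed step should have produced is a
            # downstream symptom, not a separate problem.
            verdict = "cascade" if missing in never_written else "root cause"
            findings.append((cmd, missing, verdict))
            if out:
                never_written.add(out)       # this step's output never appeared
    return findings


if __name__ == "__main__":
    for cmd, missing, verdict in triage(TRACE):
        print(f"{verdict:10}  {cmd:15}  missing {missing}")
```

Only the `openssl ca` step is reported as a root cause (the missing `cakey.pem`); the three later errors are marked as cascade because their inputs are outputs of steps that had already failed.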



