HOWTO PEAP + FreeRadius + XP Client

George KNIGHT georgeknight at gmail.com
Thu May 1 18:14:26 CEST 2008


Alan,
I feel extremely stupid even though I know I am not.

Running radiusd -X command as a root gives me the following error message as
I posted here yesterday;
PS: I'm just posting last part of the output here. The full output can be
seen at my previous email that I sent yesterday.

-------------------------------------------------------------------------------------------------------------------------------

Module: Instantiating eap
  eap {
        default_eap_type = "peap"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/etc/raddb/certs/server.pem"
        certificate_file = "/etc/raddb/certs/server.pem"
        CA_file = "/etc/raddb/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/etc/raddb/certs/dh"
        random_file = "/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/etc/raddb/certs/bootstrap"
   }
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[252]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[199]: Errors parsing authenticate section.
 }
}
Errors initializing modules
comp-010:/home/srn #

---------------------------------------------------------------------------------------------------------------------

It says a 'permission denied'  and you asked me earlier if I was running the
command as a root, which the answer is yes. So, how can I overcome this
problem?

Thank you
George














On Thu, May 1, 2008 at 11:50 AM, Alan DeKok <aland at deployingradius.com>
wrote:

> George KNIGHT wrote:
> > Yes, I run all the commands as a root.  Is this wrong?
>
>   No.
>
> > When I run the bootstrap script, again, as a root,  here is what I get;
>
>   <sigh>  You said it had errors.  You need to show what those errors
> are.  Showing that it runs *without* errors doesn't help.
>
> > I will use the default certs for just testing purposes. Once I make this
> > work with defaults ones, I will sure go ahead and create new
> > certificates. But at this moment, all I want to see  a working version
> > of PEAP authentication in my test environment.
>
>   Follow the instructions.  It WILL work.
>
>  - uncheck "validate server certificate" in Windows.
>  - add username/password to FreeRADIUS as per the FAQ
>  - start the server
>  - verify that PEAP works.
>
>  That's what I do.  It's not complicated.  It doesn't require "special"
> knowledge or experience.  It really *is* that easy.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080501/eed02f44/attachment.html>


More information about the Freeradius-Users mailing list