HOWTO PEAP + FreeRadius + XP Client
George KNIGHT
georgeknight at gmail.com
Thu May 1 18:14:26 CEST 2008
Alan,
I feel extremely stupid even though I know I am not.
Running radiusd -X command as a root gives me the following error message as
I posted here yesterday;
PS: I'm just posting last part of the output here. The full output can be
seen at my previous email that I sent yesterday.
-------------------------------------------------------------------------------------------------------------------------------
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/raddb/certs/bootstrap"
}
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[252]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[199]: Errors parsing authenticate section.
}
}
Errors initializing modules
comp-010:/home/srn #
---------------------------------------------------------------------------------------------------------------------
It says a 'permission denied' and you asked me earlier if I was running the
command as a root, which the answer is yes. So, how can I overcome this
problem?
Thank you
George
On Thu, May 1, 2008 at 11:50 AM, Alan DeKok <aland at deployingradius.com>
wrote:
> George KNIGHT wrote:
> > Yes, I run all the commands as a root. Is this wrong?
>
> No.
>
> > When I run the bootstrap script, again, as a root, here is what I get;
>
> <sigh> You said it had errors. You need to show what those errors
> are. Showing that it runs *without* errors doesn't help.
>
> > I will use the default certs for just testing purposes. Once I make this
> > work with defaults ones, I will sure go ahead and create new
> > certificates. But at this moment, all I want to see a working version
> > of PEAP authentication in my test environment.
>
> Follow the instructions. It WILL work.
>
> - uncheck "validate server certificate" in Windows.
> - add username/password to FreeRADIUS as per the FAQ
> - start the server
> - verify that PEAP works.
>
> That's what I do. It's not complicated. It doesn't require "special"
> knowledge or experience. It really *is* that easy.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080501/eed02f44/attachment.html>
More information about the Freeradius-Users
mailing list