FreeRADIUS 2.1.5 on CentOS 4.4

Волошин Вячеслав voloshin at maks.net
Sat Apr 18 19:12:45 CEST 2009


Please give the file /usr/local/etc/raddb/certs/server.pem, to check if you have it.

  ----- Original Message ----- 
  From: Glen Millard 
  To: FreeRadius users mailing list 
  Sent: Saturday, April 18, 2009 8:32 PM
  Subject: Re: FreeRADIUS 2.1.5 on CentOS 4.4


  Hi;

  I thank you much for your help/input.

  However, I am still seeing an error:

  Here is the output.

  Thanks

  FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built on Apr 18 2009 at 05:17:11
  Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
  There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
  PARTICULAR PURPOSE.
  You may redistribute copies of FreeRADIUS under the terms of the
  GNU General Public License v2.
  Starting - reading configuration files ...
  including configuration file /usr/local/etc/raddb/radiusd.conf
  including configuration file /usr/local/etc/raddb/proxy.conf
  including configuration file /usr/local/etc/raddb/clients.conf
  including files in directory /usr/local/etc/raddb/modules/
  including configuration file /usr/local/etc/raddb/modules/mac2vlan
  including configuration file /usr/local/etc/raddb/modules/always
  including configuration file /usr/local/etc/raddb/modules/exec
  including configuration file /usr/local/etc/raddb/modules/expiration
  including configuration file /usr/local/etc/raddb/modules/detail
  including configuration file /usr/local/etc/raddb/modules/radutmp
  including configuration file /usr/local/etc/raddb/modules/attr_rewrite
  including configuration file /usr/local/etc/raddb/modules/realm
  including configuration file /usr/local/etc/raddb/modules/expr
  including configuration file /usr/local/etc/raddb/modules/ldap
  including configuration file /usr/local/etc/raddb/modules/passwd
  including configuration file /usr/local/etc/raddb/modules/otp
  including configuration file /usr/local/etc/raddb/modules/etc_group
  including configuration file /usr/local/etc/raddb/modules/acct_unique
  including configuration file /usr/local/etc/raddb/modules/digest
  including configuration file /usr/local/etc/raddb/modules/linelog
  including configuration file /usr/local/etc/raddb/modules/smsotp
  including configuration file /usr/local/etc/raddb/modules/detail.log
  including configuration file /usr/local/etc/raddb/modules/mac2ip
  including configuration file /usr/local/etc/raddb/modules/echo
  including configuration file /usr/local/etc/raddb/modules/pap
  including configuration file /usr/local/etc/raddb/modules/checkval
  including configuration file /usr/local/etc/raddb/modules/wimax
  including configuration file /usr/local/etc/raddb/modules/sql_log
  including configuration file /usr/local/etc/raddb/modules/smbpasswd
  including configuration file /usr/local/etc/raddb/modules/chap
  including configuration file /usr/local/etc/raddb/modules/policy
  including configuration file /usr/local/etc/raddb/modules/detail.example.com
  including configuration file /usr/local/etc/raddb/modules/preprocess
  including configuration file /usr/local/etc/raddb/modules/pam
  including configuration file /usr/local/etc/raddb/modules/attr_filter
  including configuration file /usr/local/etc/raddb/modules/logintime
  including configuration file /usr/local/etc/raddb/modules/inner-eap
  including configuration file /usr/local/etc/raddb/modules/unix
  including configuration file /usr/local/etc/raddb/modules/counter
  including configuration file /usr/local/etc/raddb/modules/files
  including configuration file /usr/local/etc/raddb/modules/mschap
  including configuration file /usr/local/etc/raddb/modules/perl
  including configuration file /usr/local/etc/raddb/modules/krb5
  including configuration file /usr/local/etc/raddb/modules/sradutmp
  including configuration file /usr/local/etc/raddb/modules/ippool
  including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
  including configuration file /usr/local/etc/raddb/eap.conf
  including configuration file /usr/local/etc/raddb/policy.conf
  including files in directory /usr/local/etc/raddb/sites-enabled/
  including configuration file /usr/local/etc/raddb/sites-enabled/default
  including dictionary file /usr/local/etc/raddb/dictionary
  main {
         prefix = "/usr/local"
         localstatedir = "/usr/local/var"
         logdir = "/usr/local/var/log/radius"
         libdir = "/usr/local/lib"
         radacctdir = "/usr/local/var/log/radius/radacct"
         hostname_lookups = no
         max_request_time = 30
         cleanup_delay = 5
         max_requests = 1024
         allow_core_dumps = yes
         pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
         checkrad = "/usr/local/sbin/checkrad"
         debug_level = 0
         proxy_requests = yes
   log {
         stripped_names = no
         auth = no
         auth_badpass = no
         auth_goodpass = no
   }
   security {
         max_attributes = 200
         reject_delay = 1
         status_server = yes
   }
  }
  radiusd: #### Loading Realms and Home Servers ####
   proxy server {
         retry_delay = 5
         retry_count = 3
         default_fallback = no
         dead_time = 120
         wake_all_if_all_dead = no
   }
   home_server localhost {
         ipaddr = 127.0.0.1
         port = 1812
         type = "auth"
         secret = "testing123"
         response_window = 20
         max_outstanding = 65536
         require_message_authenticator = no
         zombie_period = 40
         status_check = "status-server"
         ping_interval = 30
         check_interval = 30
         num_answers_to_alive = 3
         num_pings_to_alive = 3
         revive_interval = 120
         status_check_timeout = 4
         irt = 2
         mrt = 16
         mrc = 5
         mrd = 30
   }
   home_server_pool my_auth_failover {
         type = fail-over
         home_server = localhost
   }
   realm example.com {
         auth_pool = my_auth_failover
   }
   realm LOCAL {
   }
  radiusd: #### Loading Clients ####
   client localhost {
         ipaddr = 127.0.0.1
         require_message_authenticator = no
         secret = "testing123"
         nastype = "other"
   }
  radiusd: #### Instantiating modules ####
   instantiate {
   Module: Linked to module rlm_exec
   Module: Instantiating exec
   exec {
         wait = no
         input_pairs = "request"
         shell_escape = yes
   }
   Module: Linked to module rlm_expr
   Module: Instantiating expr
   Module: Linked to module rlm_expiration
   Module: Instantiating expiration
   expiration {
         reply-message = "Password Has Expired  "
   }
   Module: Linked to module rlm_logintime
   Module: Instantiating logintime
   logintime {
         reply-message = "You are calling outside your allowed timespan  "
         minimum-timeout = 60
   }
   }
  radiusd: #### Loading Virtual Servers ####
   modules {
   Module: Checking authenticate {...} for more modules to load
   Module: Linked to module rlm_pap
   Module: Instantiating pap
   pap {
         encryption_scheme = "auto"
         auto_header = no
   }
   Module: Linked to module rlm_chap
   Module: Instantiating chap
   Module: Linked to module rlm_mschap
   Module: Instantiating mschap
   mschap {
         use_mppe = yes
         require_encryption = no
         require_strong = no
         with_ntdomain_hack = no
   }
   Module: Linked to module rlm_unix
   Module: Instantiating unix
   unix {
         radwtmp = "/usr/local/var/log/radius/radwtmp"
   }
   Module: Linked to module rlm_eap
   Module: Instantiating eap
   eap {
         default_eap_type = "md5"
         timer_expire = 60
         ignore_unknown_eap_types = no
         cisco_accounting_username_bug = no
         max_sessions = 2048
   }
   Module: Linked to sub-module rlm_eap_md5
   Module: Instantiating eap-md5
   Module: Linked to sub-module rlm_eap_leap
   Module: Instantiating eap-leap
   Module: Linked to sub-module rlm_eap_gtc
   Module: Instantiating eap-gtc
    gtc {
         challenge = "Password: "
         auth_type = "PAP"
    }
   Module: Linked to sub-module rlm_eap_tls
   Module: Instantiating eap-tls
    tls {
         rsa_key_exchange = no
         dh_key_exchange = yes
         rsa_key_length = 512
         dh_key_length = 512
         verify_depth = 0
         pem_file_type = yes
         private_key_file = "/usr/local/etc/raddb/certs/server.pem"
         certificate_file = "/usr/local/etc/raddb/certs/server.pem"
         CA_file = "/usr/local/etc/raddb/certs/ca.pem"
         private_key_password = "rifywbi!"
         dh_file = "/usr/local/etc/raddb/certs/dh"
         random_file = "/usr/local/etc/raddb/certs/random"
         fragment_size = 1024
         include_length = yes
         check_crl = no
         cipher_list = "DEFAULT"
         make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
     cache {
         enable = no
         lifetime = 24
         max_entries = 255
     }
    }
  rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
  rlm_eap_tls: Error reading private key file /usr/local/etc/raddb/certs/server.pem
  rlm_eap: Failed to initialize type tls
  /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
  /usr/local/etc/raddb/sites-enabled/default[280]: Failed to find module "eap".
  /usr/local/etc/raddb/sites-enabled/default[227]: Errors parsing authenticate section.
   }
  Errors initializing modules





  2009/4/18 Волошин Вячеслав <voloshin at maks.net>

    Delete from '/usr/local/etc/raddb/sites-enabled' all files, except 'default'.


      ----- Original Message ----- 
      From: Glen Millard 
      To: freeradius-users at lists.freeradius.org 
      Sent: Saturday, April 18, 2009 6:00 PM
      Subject: FreeRADIUS 2.1.5 on CentOS 4.4


      Hello All;

      I have been spinning my wheels on this for a couple of days now.

      I build FreeRADIUS from the source, no errors, builds successfully.

      However, when I launch the FreeRADIUS server (radiusd -X) this is what I see.

      If I use the 'fake' certs (the test ones with the bootstrap script), it runs successfully.

      Any ideas? I see discussion similar, but nothing very clear.

      Anyone?

      Thanks
      Glen

      +++++++++++++++++++++++++++++++++++


      FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built on Apr 18 2009 at 05:17:11
      Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
      There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
      PARTICULAR PURPOSE.
      You may redistribute copies of FreeRADIUS under the terms of the
      GNU General Public License v2.
      Starting - reading configuration files ...
      including configuration file /usr/local/etc/raddb/radiusd.conf
      including configuration file /usr/local/etc/raddb/proxy.conf
      including configuration file /usr/local/etc/raddb/clients.conf
      including files in directory /usr/local/etc/raddb/modules/
      including configuration file /usr/local/etc/raddb/modules/mac2vlan
      including configuration file /usr/local/etc/raddb/modules/always
      including configuration file /usr/local/etc/raddb/modules/exec
      including configuration file /usr/local/etc/raddb/modules/expiration
      including configuration file /usr/local/etc/raddb/modules/detail
      including configuration file /usr/local/etc/raddb/modules/radutmp
      including configuration file /usr/local/etc/raddb/modules/attr_rewrite
      including configuration file /usr/local/etc/raddb/modules/realm
      including configuration file /usr/local/etc/raddb/modules/expr
      including configuration file /usr/local/etc/raddb/modules/ldap
      including configuration file /usr/local/etc/raddb/modules/passwd
      including configuration file /usr/local/etc/raddb/modules/otp
      including configuration file /usr/local/etc/raddb/modules/etc_group
      including configuration file /usr/local/etc/raddb/modules/acct_unique
      including configuration file /usr/local/etc/raddb/modules/digest
      including configuration file /usr/local/etc/raddb/modules/linelog
      including configuration file /usr/local/etc/raddb/modules/smsotp
      including configuration file /usr/local/etc/raddb/modules/detail.log
      including configuration file /usr/local/etc/raddb/modules/mac2ip
      including configuration file /usr/local/etc/raddb/modules/echo
      including configuration file /usr/local/etc/raddb/modules/pap
      including configuration file /usr/local/etc/raddb/modules/checkval
      including configuration file /usr/local/etc/raddb/modules/wimax
      including configuration file /usr/local/etc/raddb/modules/sql_log
      including configuration file /usr/local/etc/raddb/modules/smbpasswd
      including configuration file /usr/local/etc/raddb/modules/chap
      including configuration file /usr/local/etc/raddb/modules/policy
      including configuration file /usr/local/etc/raddb/modules/detail.example.com
      including configuration file /usr/local/etc/raddb/modules/preprocess
      including configuration file /usr/local/etc/raddb/modules/pam
      including configuration file /usr/local/etc/raddb/modules/attr_filter
      including configuration file /usr/local/etc/raddb/modules/logintime
      including configuration file /usr/local/etc/raddb/modules/inner-eap
      including configuration file /usr/local/etc/raddb/modules/unix
      including configuration file /usr/local/etc/raddb/modules/counter
      including configuration file /usr/local/etc/raddb/modules/files
      including configuration file /usr/local/etc/raddb/modules/mschap
      including configuration file /usr/local/etc/raddb/modules/perl
      including configuration file /usr/local/etc/raddb/modules/krb5
      including configuration file /usr/local/etc/raddb/modules/sradutmp
      including configuration file /usr/local/etc/raddb/modules/ippool
      including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
      including configuration file /usr/local/etc/raddb/eap.conf
      including configuration file /usr/local/etc/raddb/policy.conf
      including files in directory /usr/local/etc/raddb/sites-enabled/
      including configuration file /usr/local/etc/raddb/sites-enabled/default
      including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
      including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
      including dictionary file /usr/local/etc/raddb/dictionary
      main {
             prefix = "/usr/local"
             localstatedir = "/usr/local/var"
             logdir = "/usr/local/var/log/radius"
             libdir = "/usr/local/lib"
             radacctdir = "/usr/local/var/log/radius/radacct"
             hostname_lookups = no
             max_request_time = 30
             cleanup_delay = 5
             max_requests = 1024
             allow_core_dumps = yes
             pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
             checkrad = "/usr/local/sbin/checkrad"
             debug_level = 0
             proxy_requests = yes
       log {
             stripped_names = no
             auth = no
             auth_badpass = no
             auth_goodpass = no
       }
       security {
             max_attributes = 200
             reject_delay = 1
             status_server = yes
       }
      }
      radiusd: #### Loading Realms and Home Servers ####
       proxy server {
             retry_delay = 5
             retry_count = 3
             default_fallback = no
             dead_time = 120
             wake_all_if_all_dead = no
       }
       home_server localhost {
             ipaddr = 127.0.0.1
             port = 1812
             type = "auth"
             secret = "testing123"
             response_window = 20
             max_outstanding = 65536
             require_message_authenticator = no
             zombie_period = 40
             status_check = "status-server"
             ping_interval = 30
             check_interval = 30
             num_answers_to_alive = 3
             num_pings_to_alive = 3
             revive_interval = 120
             status_check_timeout = 4
             irt = 2
             mrt = 16
             mrc = 5
             mrd = 30
       }
       home_server_pool my_auth_failover {
             type = fail-over
             home_server = localhost
       }
       realm example.com {
             auth_pool = my_auth_failover
       }
       realm LOCAL {
       }
      radiusd: #### Loading Clients ####
       client localhost {
             ipaddr = 127.0.0.1
             require_message_authenticator = no
             secret = "testing123"
             nastype = "other"
       }
      radiusd: #### Instantiating modules ####
       instantiate {
       Module: Linked to module rlm_exec
       Module: Instantiating exec
       exec {
             wait = no
             input_pairs = "request"
             shell_escape = yes
       }
       Module: Linked to module rlm_expr
       Module: Instantiating expr
       Module: Linked to module rlm_expiration
       Module: Instantiating expiration
       expiration {
             reply-message = "Password Has Expired  "
       }
       Module: Linked to module rlm_logintime
       Module: Instantiating logintime
       logintime {
             reply-message = "You are calling outside your allowed timespan  "
             minimum-timeout = 60
       }
       }
      radiusd: #### Loading Virtual Servers ####
      server inner-tunnel {
       modules {
       Module: Checking authenticate {...} for more modules to load
       Module: Linked to module rlm_pap
       Module: Instantiating pap
       pap {
             encryption_scheme = "auto"
             auto_header = no
       }
       Module: Linked to module rlm_chap
       Module: Instantiating chap
       Module: Linked to module rlm_mschap
       Module: Instantiating mschap
       mschap {
             use_mppe = yes
             require_encryption = no
             require_strong = no
             with_ntdomain_hack = no
       }
       Module: Linked to module rlm_unix
       Module: Instantiating unix
       unix {
             radwtmp = "/usr/local/var/log/radius/radwtmp"
       }
       Module: Linked to module rlm_eap
       Module: Instantiating eap
       eap {
             default_eap_type = "md5"
             timer_expire = 60
             ignore_unknown_eap_types = no
             cisco_accounting_username_bug = no
             max_sessions = 2048
       }
       Module: Linked to sub-module rlm_eap_md5
       Module: Instantiating eap-md5
       Module: Linked to sub-module rlm_eap_leap
       Module: Instantiating eap-leap
       Module: Linked to sub-module rlm_eap_gtc
       Module: Instantiating eap-gtc
        gtc {
             challenge = "Password: "
             auth_type = "PAP"
        }
       Module: Linked to sub-module rlm_eap_tls
       Module: Instantiating eap-tls
        tls {
             rsa_key_exchange = no
             dh_key_exchange = yes
             rsa_key_length = 512
             dh_key_length = 512
             verify_depth = 0
             pem_file_type = yes
             private_key_file = "/usr/local/etc/raddb/certs/server.pem"
             certificate_file = "/usr/local/etc/raddb/certs/server.pem"
             CA_file = "/usr/local/etc/raddb/certs/ca.pem"
             private_key_password = "rifywbi!"
             dh_file = "/usr/local/etc/raddb/certs/dh"
             random_file = "/usr/local/etc/raddb/certs/random"
             fragment_size = 1024
             include_length = yes
             check_crl = no
             cipher_list = "DEFAULT"
             make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
         cache {
             enable = no
             lifetime = 24
             max_entries = 255
         }
        }
      rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
      rlm_eap_tls: Error reading private key file /usr/local/etc/raddb/certs/server.pem
      rlm_eap: Failed to initialize type tls
      /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
      /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
      /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
       }
      }
      Errors initializing modules


--------------------------------------------------------------------------


      -
      List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
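
Added example, not part of the thread: the `tls` section in the debug output points both `private_key_file` and `certificate_file` at `server.pem`, and OpenSSL's `no start line` error means it found no matching `-----BEGIN ...-----` marker. The Python check below reports which PEM blocks a file contains without printing any key bytes, so its result can be posted in place of the file itself; the function names and sample data are constructed for illustration.

```python
import re

# Block labels that hold a private key in PEM files.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "DSA PRIVATE KEY",
              "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
# re.match anchors at the start of the line, where OpenSSL expects the marker.
BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*$")
END = re.compile(r"-----END ([A-Z0-9 ]+)-----\s*$")


def pem_blocks(text):
    """Return (label, encrypted) for every complete PEM block in text."""
    blocks, label, encrypted = [], None, False
    for line in text.splitlines():
        begin, end = BEGIN.match(line), END.match(line)
        if begin:
            label = begin.group(1)
            encrypted = label.startswith("ENCRYPTED")
        elif label and line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            encrypted = True  # traditional (non-PKCS#8) encrypted key header
        elif label and end:
            if end.group(1) == label:
                blocks.append((label, encrypted))
            label = None
    return blocks


def check_server_pem(text, password_configured=True):
    """Problems with a file used as both private_key_file and certificate_file."""
    problems = []
    blocks = pem_blocks(text)
    # A marker preceded by spaces, tabs or a BOM (e.g. pasted from mail) is missed.
    if any(BEGIN.match(ln.lstrip("\ufeff \t")) and not BEGIN.match(ln)
           for ln in text.splitlines()):
        problems.append("BEGIN marker not at start of line")
    if not blocks:
        problems.append("no complete PEM block (empty, DER or PKCS#12 file?)")
        return problems
    keys = [enc for label, enc in blocks if label in KEY_LABELS]
    if not keys:
        problems.append("no private key block")
    elif keys[0] and not password_configured:
        problems.append("private key is encrypted but no password is set")
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no certificate block")
    return problems


# Constructed samples: the base64 body is a placeholder, not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
       "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n" + BODY +
       "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, sample in [("cert only", CERT), ("key + cert", KEY + CERT),
                         ("indented paste", "  " + KEY + CERT)]:
        print(name, "->", check_server_pem(sample) or "ok")
```

To run it against a real file, pass the file's text to `check_server_pem()`; only block labels and findings are returned, never the block contents.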
