Decoupled accounting
Devinder Singh
devinbhullar at gmail.com
Mon Aug 3 08:53:42 CEST 2009
HI Ivan,
These are the new error messages
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "devin123"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
}
}
Devinder
2009/8/3 Devinder Singh <devinbhullar at gmail.com>:
> ok i set the password to devin123
>
> Module: Instantiating eap-tls
> tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
> rsa_key_length = 512
> dh_key_length = 512
> verify_depth = 0
> pem_file_type = yes
> private_key_file = "/etc/raddb/certs/server.pem"
> certificate_file = "/etc/raddb/certs/server.pem"
> CA_file = "/etc/raddb/certs/ca.pem"
> private_key_password = "devin123"
> dh_file = "/etc/raddb/certs/dh"
> random_file = "/etc/raddb/certs/random"
> fragment_size = 1024
> include_length = yes
> check_crl = no
> cipher_list = "DEFAULT"
> make_cert_command = "/etc/raddb/certs/bootstrap"
> cache {
> enable = no
> lifetime = 24
> max_entries = 255
> }
> }
> rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
> rlm_eap_tls: Error loading randomness
> rlm_eap: Failed to initialize type tls
> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
> /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
> /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
> }
> }
> Errors initializing modules
>
>
> 2009/8/3 Devinder Singh <devinbhullar at gmail.com>:
>> Hi Ivan
>>
>> I did this
>>
>> chown root:radiusd /etc/raddb/certs/server.pem
>> chown root:radiusd /etc/raddb/certs/ca.pem
>>
>> and then i got the error
>>
>> Module: Instantiating eap-tls
>> tls {
>> rsa_key_exchange = no
>> dh_key_exchange = yes
>> rsa_key_length = 512
>> dh_key_length = 512
>> verify_depth = 0
>> pem_file_type = yes
>> private_key_file = "/etc/raddb/certs/server.pem"
>> certificate_file = "/etc/raddb/certs/server.pem"
>> CA_file = "/etc/raddb/certs/ca.pem"
>> private_key_password = "whatever"
>> dh_file = "/etc/raddb/certs/dh"
>> random_file = "/etc/raddb/certs/random"
>> fragment_size = 1024
>> include_length = yes
>> check_crl = no
>> cipher_list = "DEFAULT"
>> make_cert_command = "/etc/raddb/certs/bootstrap"
>> cache {
>> enable = no
>> lifetime = 24
>> max_entries = 255
>> }
>> }
>> rlm_eap: SSL error error:06065064:digital envelope
>> routines:EVP_DecryptFinal_ex:bad decrypt
>> rlm_eap_tls: Error reading private key file /etc/raddb/certs/server.pem
>> rlm_eap: Failed to initialize type tls
>> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
>> /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
>> /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
>> }
>> }
>> Errors initializing modules
>>
>>
>>
>>
>>
>> 2009/8/3 Devinder Singh <devinbhullar at gmail.com>:
>>> Hi Ivan,
>>> these are the files in the /cert directory after i had ran the
>>> instruction in RREADME
>>>
>>> Could you let me know how to fix the errors
>>>
>>> Thanks
>>>
>>>
>>> linux-h9qt:/etc/raddb/certs # ls
>>> 01.pem ca.cnf client.cnf client.p12 index.txt
>>> Makefile serial.old server.key
>>> 02.pem ca.der client.crt client.pem
>>> index.txt.attr random server.cnf server.p12
>>> 03.pem ca.key client.csr devinder at palettemm.com.pem
>>> index.txt.attr.old README server.crt server.pem
>>> bootstrap ca.pem client.key dh
>>> index.txt.old serial server.csr xpextensions
>>>
>>>
>>> 2009/8/3 Devinder Singh <devinbhullar at gmail.com>:
>>>> Hi Ivan.
>>>>
>>>> Ok i have reformetated my machine and installed Radius 2.1.1 from Yast
>>>> Open Suse 11.
>>>>
>>>> I followed the instructions in /etc/raddb/certs/README
>>>>
>>>>
>>>> Module: Linked to sub-module rlm_eap_tls
>>>> Module: Instantiating eap-tls
>>>> tls {
>>>> rsa_key_exchange = no
>>>> dh_key_exchange = yes
>>>> rsa_key_length = 512
>>>> dh_key_length = 512
>>>> verify_depth = 0
>>>> pem_file_type = yes
>>>> private_key_file = "/etc/raddb/certs/server.pem"
>>>> certificate_file = "/etc/raddb/certs/server.pem"
>>>> CA_file = "/etc/raddb/certs/ca.pem"
>>>> private_key_password = "whatever"
>>>> dh_file = "/etc/raddb/certs/dh"
>>>> random_file = "/etc/raddb/certs/random"
>>>> fragment_size = 1024
>>>> include_length = yes
>>>> check_crl = no
>>>> cipher_list = "DEFAULT"
>>>> make_cert_command = "/etc/raddb/certs/bootstrap"
>>>> cache {
>>>> enable = no
>>>> lifetime = 24
>>>> max_entries = 255
>>>> }
>>>> }
>>>> rlm_eap: SSL error error:0200100D:system library:fopen:Permission
>>>> denied
>>>> rlm_eap_tls: Error reading certificate file
>>>> /etc/raddb/certs/server.pem
>>>> rlm_eap: Failed to initialize type tls
>>>> /etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
>>>> /etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module
>>>> "eap".
>>>> /etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing
>>>> authenticate section.
>>>> }
>>>> }
>>>> Errors initializing modules
>>>>
>>>> 2009/8/1 Ivan Kalik <tnt at kalik.net>:
>>>>>> I refeer only to version 1.0.4 for the serial file as its not there in
>>>>>> /etc/raddb/certs/demoCA so i get the serial file from version 1.0.4
>>>>>>
>>>>>> But i still get the errror message Bad Encrypt.
>>>>>>
>>>>>> What shoud i do next.
>>>>>
>>>>> How about following the instructions in raddb/certs/README file?
>>>>>
>>>>> Ivan Kalik
>>>>> Kalik Informatika ISP
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Devinder
>>>>
>>>
>>>
>>>
>>> --
>>> Devinder
>>>
>>
>>
>>
>> --
>> Devinder
>>
>
>
>
> --
> Devinder
>
--
Devinder
More information about the Freeradius-Users
mailing list