missing config items on reinstall
Raymond Norton
admin at lctn.org
Tue Feb 15 23:09:34 CET 2011
Couldn't get "make" or ./bootstrap to work, even though I have
build-essentials installed and am running commands as root.
Plan B for simple eap (If you are getting certificate errors when
starting freeradius):
I know this is a hack, but it worked the first time for me.
Remove all files and symlinks from /etc/freeradius/certs
Download server.cnf, ca.cnf, and client.cnf from
https://github.com/alandekok/freeradius-server
Edit and copy to /etc/freeradius/certs.
In /etc/freeradius/certs, paste the following (or make a script):
openssl dhparam -out dh 1024
dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1;
openssl req -new -out server.csr -keyout server.key -config ./server.cnf
openssl req -new -x509 -keyout ca.key -out ca.pem \
  -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf
touch index.txt
echo '01' > serial
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr \
  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt \
  -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 \
  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` \
  -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
openssl pkcs12 -in server.p12 -out server.pem \
  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` \
  -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
openssl verify -CAfile ca.pem server.pem
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr \
  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt \
  -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Change password in /etc/freeradius/eap.conf to match others you just edited.
Add client info to /etc/freeradius/client.conf
Edit /etc/freeradius/users and add a user to the top of file (bob
Cleartext-Password := "hello")
Configure client (worked on Linux and iPod):
(Linux wireless)
Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
CA: None
PEAP Version: Automatic
Inner Authentication: MSCHAPv2
Username: bob
Password: hello
Start freeradius (freeradius -X)
Should be able to connect and login without any other changes
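
A follow-up check for the steps above, as an added example that is not part of the original post: it confirms that private_key_password in eap.conf matches output_password in server.cnf, and flags a leftover sample password and world-readable key files. The function names, the sample password "whatever" (assumed to be the value in the downloaded example .cnf files) and the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks after generating
# the certificates by hand. The "whatever" sample password is an assumption.

# conf_value KEY FILE: print the first uncommented "KEY = value", trimmed
# and with surrounding double quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | head -n 1
}

# check_eap_certs CERTDIR EAPCONF: one finding per line, returns 1 if any.
check_eap_certs() {
    certdir=$1 eapconf=$2 findings=0
    cnf_pw=$(conf_value output_password "$certdir/server.cnf")
    eap_pw=$(conf_value private_key_password "$eapconf")
    if [ -z "$cnf_pw" ] || [ -z "$eap_pw" ]; then
        echo "MISSING: password not set in server.cnf or eap.conf"; findings=1
    elif [ "$cnf_pw" != "$eap_pw" ]; then
        echo "MISMATCH: eap.conf private_key_password differs from server.cnf"
        findings=1
    fi
    if [ "$cnf_pw" = "whatever" ] || [ "$eap_pw" = "whatever" ]; then
        echo "DEFAULT: sample password 'whatever' still in use"; findings=1
    fi
    for f in ca.key server.key server.p12 server.pem client.key; do
        # find prints the path only when the "other: read" bit is set
        if [ -n "$(find "$certdir/$f" -perm -004 2>/dev/null)" ]; then
            echo "PERMS: $f is world-readable"; findings=1
        fi
    done
    return "$findings"
}

# Constructed demo data so the script runs offline; on a real system call
# check_eap_certs with the certs directory and eap.conf used in the steps above.
demo() {
    d=$(mktemp -d) || return 2
    printf 'input_password = whatever\noutput_password\t= whatever\n' > "$d/server.cnf"
    printf '#private_key_password = old\n\tprivate_key_password = "s3cret"\n' > "$d/eap.conf"
    echo constructed-key > "$d/server.key"; chmod 644 "$d/server.key"
    check_eap_certs "$d" "$d/eap.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "demo: findings reported above"
```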