missing config items on reinstall

Raymond Norton admin at lctn.org
Tue Feb 15 23:09:34 CET 2011


Couldn't get "make" or ./bootstrap to work, even though I have
build-essentials installed and am running commands as root.

Plan B for simple eap (If you are getting certificate errors when 
starting freeradius):
I know this is a hack, but it worked the first time for me.

Remove all files and symlinks from /etc/freeradius/certs

Download server.cnf, ca.cnf, and client.cnf from
https://github.com/alandekok/freeradius-server
Edit and copy to /etc/freeradius/certs.

In /etc/freeradius/certs, paste the following (or make script):

# DH parameters and random seed file
openssl dhparam -out dh 1024
dd if=/dev/urandom of=./random count=10 >/dev/null 2>&1;
# Server key and signing request
openssl req -new -out server.csr -keyout server.key -config ./server.cnf
# Self-signed CA certificate and key
openssl req -new -x509 -keyout ca.key -out ca.pem \
  -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf
touch index.txt
echo '01' > serial
# Sign the server certificate with the CA
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr \
  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` \
  -out server.crt -extensions xpserver_ext -extfile xpextensions \
  -config ./server.cnf
# Bundle server certificate and key as PKCS#12, then as PEM
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 \
  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` \
  -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
openssl pkcs12 -in server.p12 -out server.pem \
  -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` \
  -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'`
# Check the server certificate against the CA; export the CA as DER
openssl verify -CAfile ca.pem server.pem
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
# Client key, signing request and certificate
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr \
  -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` \
  -out client.crt -extensions xpclient_ext -extfile xpextensions \
  -config ./client.cnf

Change password in /etc/freeradius/eap.conf to match others you just edited.

Add client info to /etc/freeradius/client.conf

Edit /etc/freeradius/users and add a user to the top of file
(bob     Cleartext-Password := "hello")


Configure client (worked on Linux and iPod):

(Linux wireless)
Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
CA: None
PEAP Version: Automatic
Inner Authentication: MSCHAPv2
Username: bob
Password: hello

Start freeradius (freeradius -X)


Should be able to connect and login without any other changes
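
A pre-flight check for the "change password in eap.conf to match" step, as an added example that is not part of the original post: it compares output_password in server.cnf with private_key_password in eap.conf and lists private-key files that other users can read. The function names and return codes are made up here, and "whatever" is assumed to be the password shipped in the stock files.

```shell
#!/bin/sh
# Added example, not from the original post. Run before "freeradius -X".

# conf_value KEY FILE: print the value of the first uncommented
# "KEY = value" line, with surrounding whitespace and quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        head -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# check_eap_password CERTDIR EAPCONF
# Returns 0 = passwords match, 1 = mismatch, 2 = a value is missing,
# 3 = they match but are still the assumed stock value "whatever".
check_eap_password() {
    cnf_pw=$(conf_value output_password "$1/server.cnf")
    eap_pw=$(conf_value private_key_password "$2")
    if [ -z "$cnf_pw" ] || [ -z "$eap_pw" ]; then
        echo "output_password or private_key_password not found" >&2
        return 2
    fi
    if [ "$cnf_pw" != "$eap_pw" ]; then
        echo "eap.conf private_key_password differs from server.cnf" >&2
        return 1
    fi
    if [ "$cnf_pw" = "whatever" ]; then
        echo "passwords match but are still the stock value" >&2
        return 3
    fi
    return 0
}

# world_readable_keys CERTDIR: list files holding private keys that
# users other than the owner and group can read (mode bit o+r set).
world_readable_keys() {
    find "$1" -type f \
        \( -name '*.key' -o -name '*.p12' -o -name 'server.pem' \) \
        -perm -004
}

# Usage: sh check.sh /etc/freeradius/certs /etc/freeradius/eap.conf
if [ "$#" -eq 2 ]; then
    check_eap_password "$1" "$2"
    echo "password check returned $?"
    world_readable_keys "$1"
fi
```
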



