Freeradius - EAP-TLS cert issue?

Tucker, Benjamin H. BENJAMIN.H.TUCKER at leidos.com
Wed Sep 24 16:54:42 CEST 2014


Anyone seen this before?

From: Tucker, Benjamin H.
Sent: Tuesday, September 23, 2014 8:51 PM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius - EAP-TLS cert issue?

Hello all,

I am a new user of Freeradius and am trying to get it up and running using EAP-TLS.  I have the below error when I attempt to run.  Is this a cert issue or a config issue with Freeradius?

Thanks

C:\FreeRADIUS.net\bin>radiusd -d c:/freeradius.net/etc/raddb -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: ../etc/raddb/proxy.conf
Config:   including file: ../etc/raddb/clients.conf
Config:   including file: ../etc/raddb/snmp.conf
Config:   including file: ../etc/raddb/eap.conf
Config:   including file: ../etc/raddb/sql.conf
main: prefix = ".."
main: localstatedir = "../var"
main: logdir = "../var/log/radius"
main: libdir = "../lib"
main: radacctdir = "../var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "../var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "../var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "../bin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is ../lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "../var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/radius-pri
v-key.pem"
tls: certificate_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/radius-pri
v-cert.pem"
tls: CA_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/cacert.pem"
tls: private_key_password = "mercury"
tls: dh_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/dh"
tls: random_file = "../etc/raddb/certs/FreeRADIUS.net/DemoCerts/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "%{User-Name}"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory

rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls

C:\FreeRADIUS.net\bin>
C:\FreeRADIUS.net\bin>



Ben Tucker | Leidos
Network Architect III
Cell: 501-400-5272
benjamin.h.tucker at leidos.com<mailto:benjamin.h.tucker at leidos.com> | Leidos.com<http://www.saic.com/>| Engineering
[cid:image002.jpg at 01CE5D30.354DD630]
Portions of SAIC to be renamed Leidos, Inc. subject to
stockholder approval and consummation of a separation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140924/bd10ba77/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 23368 bytes
Desc: image001.jpg
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140924/bd10ba77/attachment-0001.jpg>


More information about the Freeradius-Users mailing list