eap instantiation errors

Paul Manyika paurosi at justice.com
Thu Jun 11 15:22:19 CEST 2015


   Hi,
   I am trying to configure FreeRADIUS on a FreeBSD 10 server.
   When I try to run "radiusd -X" I get:
   radiusd: FreeRADIUS Version 2.2.7, for host i386-portbld-freebsd10.0,
   built on Jun 10 2015 at 12:35:41
   Copyright (C) 1999-2015 The FreeRADIUS server project and contributors.
   There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE.
   You may redistribute copies of FreeRADIUS under the terms of the
   GNU General Public License.
   For more information about these matters, see the file named COPYRIGHT.
   Starting - reading configuration files ...
   including configuration file /usr/local/etc/raddb/radiusd.conf
   including configuration file /usr/local/etc/raddb/proxy.conf
   including configuration file /usr/local/etc/raddb/clients.conf
   including files in directory /usr/local/etc/raddb/modules/
   including configuration file /usr/local/etc/raddb/modules/wimax
   including configuration file /usr/local/etc/raddb/modules/always
   including configuration file /usr/local/etc/raddb/modules/attr_filter
   including configuration file /usr/local/etc/raddb/modules/attr_rewrite
   including configuration file /usr/local/etc/raddb/modules/cache
   including configuration file /usr/local/etc/raddb/modules/chap
   including configuration file /usr/local/etc/raddb/modules/checkval
   including configuration file /usr/local/etc/raddb/modules/counter
   including configuration file /usr/local/etc/raddb/modules/cui
   including configuration file /usr/local/etc/raddb/modules/detail
   including configuration file
   /usr/local/etc/raddb/modules/detail.example.com
   including configuration file /usr/local/etc/raddb/modules/detail.log
   including configuration file
   /usr/local/etc/raddb/modules/dhcp_sqlippool
   including configuration file
   /usr/local/etc/raddb/sql/mysql/ippool-dhcp.conf
   including configuration file /usr/local/etc/raddb/modules/digest
   including configuration file
   /usr/local/etc/raddb/modules/dynamic_clients
   including configuration file /usr/local/etc/raddb/modules/echo
   including configuration file /usr/local/etc/raddb/modules/etc_group
   including configuration file /usr/local/etc/raddb/modules/exec
   including configuration file /usr/local/etc/raddb/modules/expiration
   including configuration file /usr/local/etc/raddb/modules/expr
   including configuration file /usr/local/etc/raddb/modules/files
   including configuration file /usr/local/etc/raddb/modules/inner-eap
   including configuration file /usr/local/etc/raddb/modules/ippool
   including configuration file /usr/local/etc/raddb/modules/krb5
   including configuration file /usr/local/etc/raddb/modules/ldap
   including configuration file /usr/local/etc/raddb/modules/linelog
   including configuration file /usr/local/etc/raddb/modules/otp
   including configuration file /usr/local/etc/raddb/modules/logintime
   including configuration file /usr/local/etc/raddb/modules/mac2ip
   including configuration file /usr/local/etc/raddb/modules/mac2vlan
   including configuration file /usr/local/etc/raddb/modules/mschap
   including configuration file /usr/local/etc/raddb/modules/ntlm_auth
   including configuration file /usr/local/etc/raddb/modules/opendirectory
   including configuration file /usr/local/etc/raddb/modules/pam
   including configuration file /usr/local/etc/raddb/modules/pap
   including configuration file /usr/local/etc/raddb/modules/passwd
   including configuration file /usr/local/etc/raddb/modules/perl
   including configuration file /usr/local/etc/raddb/modules/policy
   including configuration file /usr/local/etc/raddb/modules/preprocess
   including configuration file /usr/local/etc/raddb/modules/radrelay
   including configuration file /usr/local/etc/raddb/modules/radutmp
   including configuration file /usr/local/etc/raddb/modules/realm
   including configuration file /usr/local/etc/raddb/modules/redis
   including configuration file /usr/local/etc/raddb/modules/rediswho
   including configuration file /usr/local/etc/raddb/modules/replicate
   including configuration file /usr/local/etc/raddb/modules/smbpasswd
   including configuration file /usr/local/etc/raddb/modules/smsotp
   including configuration file /usr/local/etc/raddb/modules/soh
   including configuration file /usr/local/etc/raddb/modules/sql_log
   including configuration file
   /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
   including configuration file /usr/local/etc/raddb/modules/sradutmp
   including configuration file /usr/local/etc/raddb/modules/unix
   including configuration file /usr/local/etc/raddb/modules/acct_unique
   including configuration file /usr/local/etc/raddb/eap.conf
   including configuration file /usr/local/etc/raddb/sql.conf
   including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
   including configuration file /usr/local/etc/raddb/policy.conf
   including files in directory /usr/local/etc/raddb/sites-enabled/
   including configuration file
   /usr/local/etc/raddb/sites-enabled/control-socket
   including configuration file /usr/local/etc/raddb/sites-enabled/default
   including configuration file
   /usr/local/etc/raddb/sites-enabled/inner-tunnel
   main {
           user = "freeradius"
           group = "freeradius"
           allow_core_dumps = no
   }
   including dictionary file /usr/local/etc/raddb/dictionary
   main {
           name = "radiusd"
           prefix = "/usr/local"
           localstatedir = "/var"
           sbindir = "/usr/local/sbin"
           logdir = "/var/log"
           run_dir = "/var/run/radiusd"
           libdir = "/usr/local/lib/freeradius-2.2.7"
           radacctdir = "/var/log/radacct"
           hostname_lookups = no
           max_request_time = 30
           cleanup_delay = 5
           max_requests = 1024
           pidfile = "/var/run/radiusd/radiusd.pid"
           checkrad = "/usr/local/sbin/checkrad"
           debug_level = 0
           proxy_requests = yes
    log {
           stripped_names = no
           auth = no
           auth_badpass = yes
           auth_goodpass = no
    }
    security {
           max_attributes = 200
           reject_delay = 1
           status_server = yes
           allow_vulnerable_openssl = no
    }
   }
   radiusd: #### Loading Realms and Home Servers ####
    proxy server {
           retry_delay = 5
           retry_count = 3
           default_fallback = no
           dead_time = 120
           wake_all_if_all_dead = no
    }
    home_server localhost {
           ipaddr = 127.0.0.1
           port = 1812
           type = "auth"
           secret = "testing123"
           response_window = 20
           max_outstanding = 65536
           require_message_authenticator = yes
           zombie_period = 40
           status_check = "status-server"
           ping_interval = 30
           check_interval = 30
           num_answers_to_alive = 3
           num_pings_to_alive = 3
           revive_interval = 120
           status_check_timeout = 4
     coa {
           irt = 2
           mrt = 16
           mrc = 5
           mrd = 30
     }
    }
    home_server_pool my_auth_failover {
           type = fail-over
           home_server = localhost
    }
    realm example.com {
           auth_pool = my_auth_failover
    }
    realm LOCAL {
    }
   radiusd: #### Loading Clients ####
    client localhost {
           ipaddr = 127.0.0.1
           require_message_authenticator = no
           secret = "testing123"
           nastype = "other"
    }
   radiusd: #### Instantiating modules ####
    instantiate {
    Module: Linked to module rlm_exec
    Module: Instantiating module "exec" from file
   /usr/local/etc/raddb/modules/exec
     exec {
           wait = no
           input_pairs = "request"
           shell_escape = yes
           timeout = 10
     }
    Module: Linked to module rlm_expr
    Module: Instantiating module "expr" from file
   /usr/local/etc/raddb/modules/expr
    Module: Linked to module rlm_expiration
    Module: Instantiating module "expiration" from file
   /usr/local/etc/raddb/modules/expiration
     expiration {
           reply-message = "Password Has Expired  "
     }
    Module: Linked to module rlm_logintime
    Module: Instantiating module "logintime" from file
   /usr/local/etc/raddb/modules/logintime
     logintime {
           reply-message = "You are calling outside your allowed timespan
    "
           minimum-timeout = 60
     }
    }
   radiusd: #### Loading Virtual Servers ####
   server { # from file ?Ø¿âââ?( Ø¿âA
    modules {
     Module: Creating Auth-Type = digest
    Module: Checking authenticate {...} for more modules to load
    Module: Linked to module rlm_pap
    Module: Instantiating module "pap" from file
   /usr/local/etc/raddb/modules/pap
     pap {
           encryption_scheme = "auto"
           auto_header = no
     }
    Module: Linked to module rlm_chap
    Module: Instantiating module "chap" from file
   /usr/local/etc/raddb/modules/chap
    Module: Linked to module rlm_mschap
    Module: Instantiating module "mschap" from file
   /usr/local/etc/raddb/modules/mschap
     mschap {
           use_mppe = yes
           require_encryption = no
           require_strong = no
           with_ntdomain_hack = no
           allow_retry = yes
     }
    Module: Linked to module rlm_digest
    Module: Instantiating module "digest" from file
   /usr/local/etc/raddb/modules/digest
    Module: Linked to module rlm_pam
    Module: Instantiating module "pam" from file
   /usr/local/etc/raddb/modules/pam
     pam {
           pam_auth = "radiusd"
     }
    Module: Linked to module rlm_unix
    Module: Instantiating module "unix" from file
   /usr/local/etc/raddb/modules/unix
     unix {
           radwtmp = "/var/log/radwtmp"
     }
    Module: Linked to module rlm_eap
    Module: Instantiating module "eap" from file
   /usr/local/etc/raddb/eap.conf
     eap {
           default_eap_type = "ttls"
           timer_expire = 60
           ignore_unknown_eap_types = no
           cisco_accounting_username_bug = no
           max_sessions = 1024
     }
    Module: Linked to sub-module rlm_eap_md5
    Module: Instantiating eap-md5
    Module: Linked to sub-module rlm_eap_leap
    Module: Instantiating eap-leap
    Module: Linked to sub-module rlm_eap_gtc
    Module: Instantiating eap-gtc
      gtc {
           challenge = "Password: "
           auth_type = "PAP"
      }
    Module: Linked to sub-module rlm_eap_tls
    Module: Instantiating eap-tls
      tls {
           rsa_key_exchange = no
           dh_key_exchange = yes
           rsa_key_length = 512
           dh_key_length = 512
           verify_depth = 0
           CA_path = "/usr/local/etc/raddb/certs"
           pem_file_type = yes
           private_key_file = "/usr/local/etc/raddb/certs/server.pem"
           certificate_file = "/usr/local/etc/raddb/certs/server.pem"
           CA_file = "/usr/local/etc/raddb/certs/ca.pem"
           private_key_password = "whatever"
           dh_file = "/usr/local/etc/raddb/certs/dh"
           random_file = "/usr/local/etc/raddb/certs/random"
           fragment_size = 1024
           include_length = yes
           check_crl = no
           cipher_list = "DEFAULT"
           ecdh_curve = "prime256v1"
       cache {
           enable = no
           lifetime = 24
           max_entries = 255
       }
       verify {
       }
      }
   rlm_eap: No such sub-type for default EAP type ttls
   /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module
   "eap"
   /usr/local/etc/raddb/sites-enabled/default[312]: Failed to find "eap"
   in the "modules" section.
   /usr/local/etc/raddb/sites-enabled/default[254]: Errors parsing
   authenticate section.
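   Can someone please show me what I did wrong? The run stops at the
   "rlm_eap: No such sub-type for default EAP type ttls" line, right
   after eap-tls is instantiated.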

