freeradius 3 and certs

gahn ipfreak at yahoo.com
Fri Feb 12 18:19:15 CET 2016


Hello all:
I am learning radius3 for 802.1x authentication.
I have followed the web site "http://deployingradius.com/documents/configuration/eap.html" and tried to get basic 802.1x tests going. At the first step, it failed on "snake oil" certificate creation:
root at lab:/usr/local/etc/raddb/certs # radiusd -v
radiusd: FreeRADIUS Version 3.0.11, for host amd64-portbld-freebsd10.1, built on Jan 31 2016 at 14:36:06
Copyright (C) 1999-2016 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT



root at lab:/usr/local/etc/raddb/certs # make
/usr/bin/openssl req -new  -out server.csr -keyout server.key -config ./server.cnf
Generating a 2048 bit RSA private key
..........+++
..................................................................+++
writing new private key to 'server.key'
-----
/usr/bin/openssl req -new -x509 -keyout ca.key -out ca.pem  -days '60' -config ./ca.cnf
Generating a 2048 bit RSA private key
.....+++
.......................+++
writing new private key to 'ca.key'
-----
/usr/bin/openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key 'whatever' -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
Using configuration from ./server.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 3 (0x3)
        Validity
            Not Before: Feb 12 16:09:37 2016 GMT
            Not After : Apr 12 16:09:37 2016 GMT
        Subject:
            countryName               = FR
            stateOrProvinceName       = Radius
            organizationName          = Example Inc.
            commonName                = Example Server Certificate
            emailAddress              = admin at example.org
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://www.example.com/example_ca.crl

Certificate is to be certified until Apr 12 16:09:37 2016 GMT (60 days)
failed to update database
TXT_DB error number 2
*** Error code 1

Stop.
make: stopped in /usr/local/etc/raddb/certs

It seemed to have passed compilation but failed on the database. Is something wrong with the code?
Thanks
_dave



