freeradius -X crashes
Alan DeKok
aland at deployingradius.com
Tue Jun 28 17:10:13 CEST 2016
On Jun 28, 2016, at 10:41 AM, Henrik Kressner <kressner at synkro.dk> wrote:
> freeradius: FreeRADIUS Version 2.2.5, for host i586-pc-linux-gnu, built on Oct 24 2014 at 04:18:43
You should upgrade. It's not difficult.
> Here comes the problem:
>
> I followed the howto to this point: http://deployingradius.com/documents/configuration/pap.html
>
> I tried to disable validate server certificate, on a Windows 7, but it still ends up showing me:
>
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> WARNING: !! EAP session for state 0x3e833be03884222b... did not finish!
> WARNING: !! Please read
> http://wiki.freeradius.org/guide/Certificate_Compatibility
>
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>
> So I expect a certificate problem and follow this hoot:
The Windows machine doesn't have the correct CA certificate. Fix that.
There may also be additional Windows requirements which were not known at the time that 2.2.5 was released. A newer version of the server will be able to create certificates that Windows likes.
> I suspect the certificates are not moved to where they should be.
>
> (They are in: /usr/share/doc/freeradius/examples/certs
Debian moves the certificates for reasons I don't understand.
> So I copy the certificate into: /etc/freeradius/certs and check the rights. It looks like the original, but it's no link.
>
> /etc/freeradius# ls -l certs
> -rw-r--r-- 1 root freerad 1700 Jun 28 15:11 ca.pem
> -rw-r--r-- 1 root freerad 1834 Jun 28 15:13 server.key
> -rw-r--r-- 1 root freerad 3609 Jun 28 15:11 server.pem
OK...
> Now when I run:
>
> # freeradius -X
>
>
> It crashes with this:
That's not a crash. It's an error. It's telling you that you did something wrong.
> .......
> url ="http://127.0.0.1/ocsp/"
> use_nonce = yes
> timeout = 0
> softfail = no
> }
> }
> rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
> rlm_eap_tls: Error reading private key file /etc/freeradius/certs/server.key
The password for the server certificate is wrong. Fix that.
See the EAP module configuration. Look for "password".
Alan DeKok.
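
One way to run the check described in the reply above, as an added example that is not part of the original message or of FreeRADIUS: it reads `private_key_password` and `private_key_file` from the EAP module configuration and tests them against the key with `openssl pkey`. The function names and the directory argument that stands in for `${certdir}` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not FreeRADIUS code): check that private_key_password in the
# EAP module configuration decrypts the file named by private_key_file.

# Print the first uncommented "name = value" item. $1 = config file, $2 = name.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print the key path. $2 replaces ${certdir} (assumption: the caller supplies
# the directory, e.g. /etc/freeradius/certs, rather than us expanding it).
key_path() {
    conf_value "$1" private_key_file | sed "s|\${certdir}|$2|"
}

# Succeed if the PEM file is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Return 0 if the key loads, 1 on a wrong password, 2 if the check cannot run.
check_eap_key() {
    key=$(key_path "$1" "$2")
    [ -r "$key" ] || { echo "cannot read $key" >&2; return 2; }
    # The listing in the thread shows server.key as -rw-r--r--.
    [ -z "$(find "$key" -prune -perm -004)" ] ||
        echo "warning: $key is world-readable" >&2
    if ! key_is_encrypted "$key"; then
        echo "$key is not encrypted, so no password is needed"
        return 0
    fi
    command -v openssl >/dev/null || { echo "openssl not found" >&2; return 2; }
    # Pass the password through the environment, not the command line.
    if KEYPASS=$(conf_value "$1" private_key_password) \
        openssl pkey -in "$key" -passin env:KEYPASS -noout 2>/dev/null; then
        echo "private_key_password decrypts $key"
        return 0
    fi
    echo "private_key_password does not decrypt $key"
    return 1
}

# Usage: sh check_eap_key.sh <eap-config-file> /etc/freeradius/certs
if [ "$#" -eq 2 ]; then
    check_eap_key "$1" "$2"
fi
```

A return value of 1 corresponds to the `bad decrypt` error in the debug output: either change `private_key_password` to the passphrase the key was created with, or regenerate the key with the configured one.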