I'm using freeradius-snapshot-20021028 and am trying to get freeradius to work with
EAP-TLS. When I start radiusd I get the following message:
yoyogi:/usr/local/sbin # ./run-radiusd -X -A
+ LD_LIBRARY_PATH=/usr/local/openssl/lib
+ LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
+ export LD_LIBRARY_PATH LD_PRELOAD
+ /usr/local/sbin/radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
/etc/raddb/radiusd.conf[583]: Unexpected end of section
Errors reading radiusd.conf
The eap-section of radiusd.conf looks as follows:
eap {
    # Invoke the default supported EAP type when
    # EAP-Identity response is received
    default_eap_type = tls # uncommented and changed from md5 to tls by david on 2003-1-17
    # Default expiry time to clean the EAP list,
    # It is maintained to co-relate the
    # EAP-response for each EAP-request sent.
    timer_expire = 60 # uncommented by david on 2003-1-17
    # Supported EAP-types
    # md5 { # commented out by david on 2003-1-17
    # } # commented out by david on 2003-1-17 LINE 550
    ## FIXME: EAP-TLS is highly experimental EAP-Type at the moment.
    # Please give feedback.
    tls { # uncommented by david on 2003-1-17
        private_key_password = NOPWD # uncommented & changed by david on 2003-1-17
        private_key_file = /etc/1x/yoyogi.pem # uncommented & changed by david on 2003-1-17
        # If Private key & Certificate are located in the
        # same file, then private_key_file & certificate_file
        # must contain the same file name.
        certificate_file = /etc/1x/yoyogi.pem # uncommented & changed by david on 2003-1-17
        # Trusted Root CA list
        CA_file = /etc/1x/root.pem # uncommented & changed by david on 2003-1-17
        dh_file = /etc/1x/DH # uncommented & changed by david on 2003-1-17
        random_file = /etc/1x/random # uncommented & changed by david on 2003-1-17
        #
        # This can never exceed MAX_RADIUS_LEN (4096)
        # preferably half the MAX_RADIUS_LEN, to
        # accommodate other attributes in RADIUS packet.
        # On most APs the MAX packet length is configured
        # between 1500 - 1600. In these cases, fragment
        # size should be <= 1024.
        fragment_size = 1024 # uncommented by david on 2003-1-17
        #
        # include_length is a flag which is by default set to yes
        # If set to yes, Total Length of the message is included
        # in EVERY packet we send.
        # If set to no, Total Length of the message is included
        # ONLY in the First packet of a fragment series.
        include_length = yes # uncommented by david on 2003-1-17
    } # uncommented by david on 2003-1-17 LINE 583
}
I have of course double-checked the parentheses and tried to run the original file,
which works fine (for parsing).
The troubles start as soon as I uncomment the tls-section (or the md5 for that matter,
same error on LINE 550 - but no problem in the original file, where it is uncommented
as well).
I have had some other freeRadius versions installed before. Is it possible that it
interferes with some old parser somewhere?
Thanks for any suggestions,
David