Hi all,
I am trying to set up FreeRadius with PEAP. However, FreeRadius is not
starting. I already configured LEAP some time ago and it worked fine. I
cannot find where I made a mistake:
Radiusd.conf: (skipped the parts which I think are not important ... using
defaults)
modules {
    pap {
        encryption_scheme = crypt
    }
    chap {
        authtype = CHAP
    }
    pam {
        pam_auth = radiusd
    }
    unix {
        .... defaults....
    }
    eap {
        default_eap_type = ttls
        timer_expire = 60
        ignore_unknown_eap_types = no
        #md5 {
        #}
        #leap {
        #}
        tls {
            private_key_password = test
            private_key_file = /root/freeradius_cvs/client.key
            certificate_file = /root/freeradius_cvs/client.crt
            CA_file = /root/freeradius_cvs/Radius.crt
            #dh_file = /
            random_file = /dev/random
            #fragment_size = 1024
            #include_length = yes
            #check_crl = yes
        }
        ttls {
            default_eap_type = md5
            copy_request_to_tunnel = no
            #use_tunneled_reply = no
        }
        peap {
            default_eap_type = mschapv2
        }
        mschapv2 {
        }
    }
    mschap {
        authtype = MS-CHAP
    }
    ldap {
        server = "ldap.your.domain"
        ....
    }
}
authorize {
    preprocess
    eap
    suffix
    files
    mschap
}
clients.conf:
client xxx.xxx.xxx.xxx {
    secret = xxx
    shortname = xxxx
}
users:
"vlad" Auth-Type := EAP, User-Password == "xxxxxx"
DEFAULT Auth-Type = System
and the output of radiusd -AfXxxx
Fri Oct 24 16:41:45 2003 : Info: Starting - reading configuration files ...
Fri Oct 24 16:41:45 2003 : Debug: reread_config: reading radiusd.conf
Fri Oct 24 16:41:45 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/proxy.conf
Fri Oct 24 16:41:45 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/clients.conf
Fri Oct 24 16:41:45 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/snmp.conf
Fri Oct 24 16:41:45 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/sql.conf
Fri Oct 24 16:41:45 2003 : Debug: main: prefix = "/usr/local/freeradius_cvs"
Fri Oct 24 16:41:45 2003 : Debug: main: localstatedir = "/usr/local/freeradius_cvs/var"
Fri Oct 24 16:41:45 2003 : Debug: main: logdir = "/usr/local/freeradius_cvs/var/log/radius"
Fri Oct 24 16:41:45 2003 : Debug: main: libdir = "/usr/local/freeradius_cvs/lib"
Fri Oct 24 16:41:45 2003 : Debug: main: radacctdir = "/usr/local/freeradius_cvs/var/log/radius/radacct"
Fri Oct 24 16:41:45 2003 : Debug: main: hostname_lookups = no
Fri Oct 24 16:41:45 2003 : Debug: main: max_request_time = 30
Fri Oct 24 16:41:45 2003 : Debug: main: cleanup_delay = 5
Fri Oct 24 16:41:45 2003 : Debug: main: max_requests = 1024
Fri Oct 24 16:41:45 2003 : Debug: main: delete_blocked_requests = 0
Fri Oct 24 16:41:45 2003 : Debug: main: port = 0
Fri Oct 24 16:41:45 2003 : Debug: main: allow_core_dumps = no
Fri Oct 24 16:41:45 2003 : Debug: main: log_stripped_names = no
Fri Oct 24 16:41:45 2003 : Debug: main: log_file = "/usr/local/freeradius_cvs/var/log/radius/radius.log"
Fri Oct 24 16:41:45 2003 : Debug: main: log_auth = no
Fri Oct 24 16:41:45 2003 : Debug: main: log_auth_badpass = no
Fri Oct 24 16:41:45 2003 : Debug: main: log_auth_goodpass = no
Fri Oct 24 16:41:45 2003 : Debug: main: pidfile = "/usr/local/freeradius_cvs/var/run/radiusd/radiusd.pid"
Fri Oct 24 16:41:45 2003 : Debug: main: user = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: main: group = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: main: usercollide = no
Fri Oct 24 16:41:45 2003 : Debug: main: lower_user = "no"
Fri Oct 24 16:41:45 2003 : Debug: main: lower_pass = "no"
Fri Oct 24 16:41:45 2003 : Debug: main: nospace_user = "no"
Fri Oct 24 16:41:45 2003 : Debug: main: nospace_pass = "no"
Fri Oct 24 16:41:45 2003 : Debug: main: checkrad = "/usr/local/freeradius_cvs/sbin/checkrad"
Fri Oct 24 16:41:45 2003 : Debug: main: proxy_requests = yes
Fri Oct 24 16:41:45 2003 : Debug: proxy: retry_delay = 5
Fri Oct 24 16:41:45 2003 : Debug: proxy: retry_count = 3
Fri Oct 24 16:41:45 2003 : Debug: proxy: synchronous = no
Fri Oct 24 16:41:45 2003 : Debug: proxy: default_fallback = yes
Fri Oct 24 16:41:45 2003 : Debug: proxy: dead_time = 120
Fri Oct 24 16:41:45 2003 : Debug: proxy: post_proxy_authorize = yes
Fri Oct 24 16:41:45 2003 : Debug: proxy: wake_all_if_all_dead = no
Fri Oct 24 16:41:45 2003 : Debug: security: max_attributes = 200
Fri Oct 24 16:41:45 2003 : Debug: security: reject_delay = 1
Fri Oct 24 16:41:45 2003 : Debug: security: status_server = no
Fri Oct 24 16:41:45 2003 : Debug: main: debug_level = 0
Fri Oct 24 16:41:45 2003 : Debug: read_config_files: reading dictionary
Fri Oct 24 16:41:45 2003 : Debug: read_config_files: reading naslist
Fri Oct 24 16:41:45 2003 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Oct 24 16:41:45 2003 : Debug: read_config_files: reading clients
Fri Oct 24 16:41:45 2003 : Info: Using deprecated clients file. Support for this will go away soon.
Fri Oct 24 16:41:45 2003 : Debug: read_config_files: reading realms
Fri Oct 24 16:41:45 2003 : Info: Using deprecated realms file. Support for this will go away soon.
Fri Oct 24 16:41:45 2003 : Debug: radiusd: entering modules setup
Fri Oct 24 16:41:45 2003 : Debug: Module: Library search path is /usr/local/freeradius_cvs/lib
Fri Oct 24 16:41:45 2003 : Debug: Module: Loaded expr
Fri Oct 24 16:41:45 2003 : Debug: Module: Instantiated expr (expr)
Fri Oct 24 16:41:45 2003 : Debug: Module: Loaded PAP
Fri Oct 24 16:41:45 2003 : Debug: pap: encryption_scheme = "crypt"
Fri Oct 24 16:41:45 2003 : Debug: Module: Instantiated pap (pap)
Fri Oct 24 16:41:45 2003 : Debug: Module: Loaded CHAP
Fri Oct 24 16:41:45 2003 : Debug: Module: Instantiated chap (chap)
Fri Oct 24 16:41:45 2003 : Debug: Module: Loaded MS-CHAP
Fri Oct 24 16:41:45 2003 : Debug: mschap: use_mppe = yes
Fri Oct 24 16:41:45 2003 : Debug: mschap: require_encryption = no
Fri Oct 24 16:41:45 2003 : Debug: mschap: require_strong = no
Fri Oct 24 16:41:45 2003 : Debug: mschap: passwd = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: mschap: authtype = "MS-CHAP"
Fri Oct 24 16:41:45 2003 : Debug: Module: Instantiated mschap (mschap)
Fri Oct 24 16:41:45 2003 : Debug: Module: Loaded System
Fri Oct 24 16:41:45 2003 : Debug: unix: cache = no
Fri Oct 24 16:41:45 2003 : Debug: unix: passwd = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: unix: shadow = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: unix: group = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: unix: radwtmp = "/usr/local/freeradius_cvs/var/log/radius/radwtmp"
Fri Oct 24 16:41:45 2003 : Debug: unix: usegroup = no
Fri Oct 24 16:41:45 2003 : Debug: unix: cache_reload = 600
Fri Oct 24 16:41:45 2003 : Debug: Module: Instantiated unix (unix)
Fri Oct 24 16:41:45 2003 : Debug: Module: Loaded eap
Fri Oct 24 16:41:45 2003 : Debug: eap: default_eap_type = "ttls"
Fri Oct 24 16:41:45 2003 : Debug: eap: timer_expire = 60
Fri Oct 24 16:41:45 2003 : Debug: eap: ignore_unknown_eap_types = no
Fri Oct 24 16:41:45 2003 : Debug: tls: rsa_key_exchange = no
Fri Oct 24 16:41:45 2003 : Debug: tls: dh_key_exchange = yes
Fri Oct 24 16:41:45 2003 : Debug: tls: rsa_key_length = 512
Fri Oct 24 16:41:45 2003 : Debug: tls: dh_key_length = 512
Fri Oct 24 16:41:45 2003 : Debug: tls: verify_depth = 0
Fri Oct 24 16:41:45 2003 : Debug: tls: CA_path = "(null)"
Fri Oct 24 16:41:45 2003 : Debug: tls: pem_file_type = yes
Fri Oct 24 16:41:45 2003 : Debug: tls: private_key_file = "/root/freeradius_cvs/client.key"
Fri Oct 24 16:41:45 2003 : Debug: tls: certificate_file = "/root/freeradius_cvs/client.crt"
Fri Oct 24 16:41:45 2003 : Debug: tls: CA_file = "/root/freeradius_cvs/Radius.crt"
Fri Oct 24 16:41:45 2003 : Debug: tls: private_key_password = "test"
Fri Oct 24 16:41:45 2003 : Debug: tls: dh_file = "/root/shit"
Fri Oct 24 16:41:45 2003 : Debug: tls: random_file = "/dev/random"
Fri Oct 24 16:41:45 2003 : Debug: tls: fragment_size = 1024
Fri Oct 24 16:41:45 2003 : Debug: tls: include_length = yes
Fri Oct 24 16:41:45 2003 : Debug: tls: check_crl = no
FreeRadius doesn't come up. It stops right there. No port allocated. No
message like "Ready to serve...". I'm using the CVS snapshot
freeradius-snapshot-20031024.tar.gz
I suppose it has something to do with the TLS module.
Does anybody know what I'm doing wrong?
Thanks,
Martin