I didn't change so much at all I think...
However I changed back to the radiusd.conf from the installation.
I changed the following lines:
# diff radiusd.conf.orig radiusd.conf
615c615
< default_eap_type = md5
---
> default_eap_type = ttls
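Review bot: default_eap_type = ttls selects EAP-TTLS, but the original report quoted below says the goal is PEAP, and nothing in this diff uncomments a peap section. If the clients are meant to negotiate PEAP, enable that sub-module as well (if this build provides one) and set default_eap_type to match; if TTLS is now the target, say so in the report so the debug output is read against the right method.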
660c660,665
< #tls {
---
> tls {
>
> private_key_password = test
> private_key_file = /root/freeradius_cvs/client.key
>
>
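Review bot: private_key_password = test stores a trivially guessable passphrase in clear text in radiusd.conf, so the key is only as safe as the file permissions on radiusd.conf and on /root/freeradius_cvs/client.key. Use a strong passphrase and restrict both files to the account radiusd runs as; a key under /root is readable only while the server stays root, which holds here only because the debug output shows user = "(null)". The name client.key also deserves a second look: private_key_file has to be the server's own key, the one that belongs to certificate_file.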
668a674,675
> certificate_file = /root/freeradius_cvs/client.crt
>
671c678,680
< # CA_file = /path/filename
---
> #CA_file = /path/filename
> CA_file = /root/freeradius_cvs/Radius.crt
>
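Review bot: CA_file is set to Radius.crt while the previous hunk sets certificate_file to client.crt, and nothing here shows that the two belong together. CA_file should hold the PEM-encoded certificate of the CA used for verification, not a server or client certificate; running "openssl verify -CAfile /root/freeradius_cvs/Radius.crt /root/freeradius_cvs/client.crt" would confirm the relationship. The leftover "#CA_file = /path/filename" placeholder line can be dropped.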
674a684,685
> random_file = /dev/random
>
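Review bot: random_file = /dev/random points at a blocking device, so reads can stall on a host with little entropy; /dev/urandom is the safer choice. The change also leaves dh_file unset: the debug output below reports dh_file = "(null)" together with dh_key_exchange = yes, so a generated DH parameter file should be configured in the same edit.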
707c718
< #}
---
> }
715c726
< #ttls {
---
> ttls {
754c765
< #}
---
> }
Still the same result (see below).
Could it be that there is something wrong with my certificates? I used
"standard" OpenSSL certs. Where can I find more information about what exactly
freeradius wants for private_key_file, certificate_file, CA_file, dh_file
(especially CA_file)?
Any help appreciated.
Martin
Fri Oct 24 17:50:37 2003 : Info: Starting - reading configuration files ...
Fri Oct 24 17:50:37 2003 : Debug: reread_config: reading radiusd.conf
Fri Oct 24 17:50:37 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/proxy.conf
Fri Oct 24 17:50:37 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/clients.conf
Fri Oct 24 17:50:37 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/snmp.conf
Fri Oct 24 17:50:37 2003 : Debug: Config: including file: /usr/local/freeradius_cvs/etc/raddb/sql.conf
Fri Oct 24 17:50:37 2003 : Debug: main: prefix = "/usr/local/freeradius_cvs"
Fri Oct 24 17:50:37 2003 : Debug: main: localstatedir = "/usr/local/freeradius_cvs/var"
Fri Oct 24 17:50:37 2003 : Debug: main: logdir = "/usr/local/freeradius_cvs/var/log/radius"
Fri Oct 24 17:50:37 2003 : Debug: main: libdir = "/usr/local/freeradius_cvs/lib"
Fri Oct 24 17:50:37 2003 : Debug: main: radacctdir = "/usr/local/freeradius_cvs/var/log/radius/radacct"
Fri Oct 24 17:50:37 2003 : Debug: main: hostname_lookups = no
Fri Oct 24 17:50:37 2003 : Debug: main: max_request_time = 30
Fri Oct 24 17:50:37 2003 : Debug: main: cleanup_delay = 5
Fri Oct 24 17:50:37 2003 : Debug: main: max_requests = 1024
Fri Oct 24 17:50:37 2003 : Debug: main: delete_blocked_requests = 0
Fri Oct 24 17:50:37 2003 : Debug: main: port = 0
Fri Oct 24 17:50:37 2003 : Debug: main: allow_core_dumps = no
Fri Oct 24 17:50:37 2003 : Debug: main: log_stripped_names = no
Fri Oct 24 17:50:37 2003 : Debug: main: log_file = "/usr/local/freeradius_cvs/var/log/radius/radius.log"
Fri Oct 24 17:50:37 2003 : Debug: main: log_auth = no
Fri Oct 24 17:50:37 2003 : Debug: main: log_auth_badpass = no
Fri Oct 24 17:50:37 2003 : Debug: main: log_auth_goodpass = no
Fri Oct 24 17:50:37 2003 : Debug: main: pidfile = "/usr/local/freeradius_cvs/var/run/radiusd/radiusd.pid"
Fri Oct 24 17:50:37 2003 : Debug: main: user = "(null)"
Fri Oct 24 17:50:37 2003 : Debug: main: group = "(null)"
Fri Oct 24 17:50:37 2003 : Debug: main: usercollide = no
Fri Oct 24 17:50:37 2003 : Debug: main: lower_user = "no"
Fri Oct 24 17:50:37 2003 : Debug: main: lower_pass = "no"
Fri Oct 24 17:50:37 2003 : Debug: main: nospace_user = "no"
Fri Oct 24 17:50:37 2003 : Debug: main: nospace_pass = "no"
Fri Oct 24 17:50:37 2003 : Debug: main: checkrad = "/usr/local/freeradius_cvs/sbin/checkrad"
Fri Oct 24 17:50:37 2003 : Debug: main: proxy_requests = yes
Fri Oct 24 17:50:37 2003 : Debug: proxy: retry_delay = 5
Fri Oct 24 17:50:37 2003 : Debug: proxy: retry_count = 3
Fri Oct 24 17:50:37 2003 : Debug: proxy: synchronous = no
Fri Oct 24 17:50:37 2003 : Debug: proxy: default_fallback = yes
Fri Oct 24 17:50:37 2003 : Debug: proxy: dead_time = 120
Fri Oct 24 17:50:37 2003 : Debug: proxy: post_proxy_authorize = yes
Fri Oct 24 17:50:37 2003 : Debug: proxy: wake_all_if_all_dead = no
Fri Oct 24 17:50:37 2003 : Debug: security: max_attributes = 200
Fri Oct 24 17:50:37 2003 : Debug: security: reject_delay = 1
Fri Oct 24 17:50:37 2003 : Debug: security: status_server = no
Fri Oct 24 17:50:37 2003 : Debug: main: debug_level = 0
Fri Oct 24 17:50:37 2003 : Debug: read_config_files: reading dictionary
Fri Oct 24 17:50:37 2003 : Debug: read_config_files: reading naslist
Fri Oct 24 17:50:37 2003 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Oct 24 17:50:37 2003 : Debug: read_config_files: reading clients
Fri Oct 24 17:50:37 2003 : Info: Using deprecated clients file. Support for this will go away soon.
Fri Oct 24 17:50:37 2003 : Debug: read_config_files: reading realms
Fri Oct 24 17:50:37 2003 : Info: Using deprecated realms file. Support for this will go away soon.
Fri Oct 24 17:50:37 2003 : Debug: radiusd: entering modules setup
Fri Oct 24 17:50:37 2003 : Debug: Module: Library search path is /usr/local/freeradius_cvs/lib
Fri Oct 24 17:50:37 2003 : Debug: Module: Loaded expr
Fri Oct 24 17:50:37 2003 : Debug: Module: Instantiated expr (expr)
Fri Oct 24 17:50:37 2003 : Debug: Module: Loaded PAP
Fri Oct 24 17:50:37 2003 : Debug: pap: encryption_scheme = "crypt"
Fri Oct 24 17:50:37 2003 : Debug: Module: Instantiated pap (pap)
Fri Oct 24 17:50:37 2003 : Debug: Module: Loaded CHAP
Fri Oct 24 17:50:37 2003 : Debug: Module: Instantiated chap (chap)
Fri Oct 24 17:50:37 2003 : Debug: Module: Loaded MS-CHAP
Fri Oct 24 17:50:37 2003 : Debug: mschap: use_mppe = yes
Fri Oct 24 17:50:37 2003 : Debug: mschap: require_encryption = no
Fri Oct 24 17:50:37 2003 : Debug: mschap: require_strong = no
Fri Oct 24 17:50:37 2003 : Debug: mschap: passwd = "(null)"
Fri Oct 24 17:50:37 2003 : Debug: mschap: authtype = "MS-CHAP"
Fri Oct 24 17:50:37 2003 : Debug: Module: Instantiated mschap (mschap)
Fri Oct 24 17:50:37 2003 : Debug: Module: Loaded System
Fri Oct 24 17:50:37 2003 : Debug: unix: cache = no
Fri Oct 24 17:50:37 2003 : Debug: unix: passwd = "(null)"
Fri Oct 24 17:50:37 2003 : Debug: unix: shadow = "(null)"
Fri Oct 24 17:50:37 2003 : Debug: unix: group = "(null)"
Fri Oct 24 17:50:37 2003 : Debug: unix: radwtmp = "/usr/local/freeradius_cvs/var/log/radius/radwtmp"
Fri Oct 24 17:50:37 2003 : Debug: unix: usegroup = no
Fri Oct 24 17:50:37 2003 : Debug: unix: cache_reload = 600
Fri Oct 24 17:50:37 2003 : Debug: Module: Instantiated unix (unix)
Fri Oct 24 17:50:37 2003 : Debug: Module: Loaded eap
Fri Oct 24 17:50:37 2003 : Debug: eap: default_eap_type = "ttls"
Fri Oct 24 17:50:37 2003 : Debug: eap: timer_expire = 60
Fri Oct 24 17:50:37 2003 : Debug: eap: ignore_unknown_eap_types = no
Fri Oct 24 17:50:37 2003 : Debug: rlm_eap: Loaded and initialized type md5
Fri Oct 24 17:50:37 2003 : Debug: rlm_eap: Loaded and initialized type leap
Fri Oct 24 17:50:38 2003 : Debug: tls: rsa_key_exchange = no
Fri Oct 24 17:50:38 2003 : Debug: tls: dh_key_exchange = yes
Fri Oct 24 17:50:38 2003 : Debug: tls: rsa_key_length = 512
Fri Oct 24 17:50:38 2003 : Debug: tls: dh_key_length = 512
Fri Oct 24 17:50:38 2003 : Debug: tls: verify_depth = 0
Fri Oct 24 17:50:38 2003 : Debug: tls: CA_path = "(null)"
Fri Oct 24 17:50:38 2003 : Debug: tls: pem_file_type = yes
Fri Oct 24 17:50:38 2003 : Debug: tls: private_key_file = "/root/freeradius_cvs/client.key"
Fri Oct 24 17:50:38 2003 : Debug: tls: certificate_file = "/root/freeradius_cvs/client.crt"
Fri Oct 24 17:50:38 2003 : Debug: tls: CA_file = "/root/freeradius_cvs/Radius.crt"
Fri Oct 24 17:50:38 2003 : Debug: tls: private_key_password = "test"
Fri Oct 24 17:50:38 2003 : Debug: tls: dh_file = "(null)"
Fri Oct 24 17:50:38 2003 : Debug: tls: random_file = "/dev/random"
Fri Oct 24 17:50:38 2003 : Debug: tls: fragment_size = 1024
Fri Oct 24 17:50:38 2003 : Debug: tls: include_length = yes
Fri Oct 24 17:50:38 2003 : Debug: tls: check_crl = no
> <[EMAIL PROTECTED]> wrote:
>> I am trying to set up FreeRadius with PEAP. However FreeRadius is
>> not starting. I already configured LEAP some time ago and it worked
>> fine. I cannot find where I made a failure:
>
> It looks like you've drastically hacked your radiusd.conf file:
>
>> eap {
>> default_eap_type = ttls
>> timer_expire = 60
>> ignore_unknown_eap_types = no
>> #md5 {
>> #}
>
> Ok, so you don't want EAP-MD5.
>
>> ttls {
>> default_eap_type = md5
>
> Oh, you *do* want EAP-MD5.
>
>> mschapv2 {
>> }
>>
>> mschap {
>> authtype = MS-CHAP
>> }
>
> Uh... one is an EAP sub-type, and the other is a module on its own.
>
>
> Stop playing games with such drastic edits to 'radiusd.conf'. You
> don't understand what you're doing, and you're breaking it. Start off
> with the 'radiusd.conf' shipped with the server. It works. Edit it
> slowly and a small piece at a time, running 'radiusd' each time to
> ensure you haven't broken anything.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
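One way to cross-check the files named by private_key_file, certificate_file and CA_file before starting radiusd, as an added example that is not part of the original thread or of FreeRADIUS. It assumes a single-CA setup in which the server certificate was issued by the CA in CA_file; the function names, file names, subjects and passphrase are constructed for the demo, which builds a throwaway PKI in a temp directory.

```shell
#!/bin/sh
# Added example: cross-check the files named by private_key_file,
# certificate_file and CA_file. Paths and subjects are constructed.

# Public key embedded in a certificate, as PEM.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public half of a private key; $2 is the passphrase (may be empty).
pubkey_of_key() { openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null; }

# check_tls_files KEY CERT CA [PASSPHRASE]
# 0 = consistent, 1 = unreadable file or wrong passphrase,
# 2 = key does not match certificate, 3 = certificate not issued by CA.
check_tls_files() {
    key=$1; cert=$2; ca=$3; pass=${4:-}
    kpub=$(pubkey_of_key "$key" "$pass") || { echo "cannot read key $key"; return 1; }
    cpub=$(pubkey_of_cert "$cert") || { echo "cannot read cert $cert"; return 1; }
    [ "$kpub" = "$cpub" ] || { echo "key does not match $cert"; return 2; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca"; return 3; }
    echo "consistent"
}

# Throwaway PKI for the demo: a CA, a server cert it signs (key encrypted
# with a constructed passphrase) and one unrelated key.
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -passout pass:constructed-pass \
        -subj "/CN=radius.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_pki "$demo_dir"
# Matching key, certificate and CA.
check_tls_files "$demo_dir/server.key" "$demo_dir/server.crt" \
    "$demo_dir/ca.crt" constructed-pass
# Unrelated key against the same certificate: reported as a mismatch.
check_tls_files "$demo_dir/other.key" "$demo_dir/server.crt" \
    "$demo_dir/ca.crt" || true
```

Against the configuration in this thread, the call would take the private_key_file, certificate_file and CA_file paths plus the private_key_password value as its four arguments.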