EAP-TLS problem.

Yiannis Samouhos Tue, 27 Jan 2004 13:38:31 -0800

Hi all gurus of the world.

Very Sorry for this HUGE Email but....


I have a problem configuring EAP with TLS. EAP with no TLS works fine.

This is the message I see even tho all files under certs are there and the compilation 
was errorless.


---cut text----
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Failed to link EAP-Type/tls: file not found
radiusd.conf[617]: eap: Module instantiation failed.

the config file is this..

----cut text------

        eap {
                default_eap_type = md5
                timer_expire     = 60
                ignore_unknown_eap_types = no
                md5 {
                }
                leap {
                }
                tls {
                        private_key_password = mykeyhere
                        private_key_file = ${raddbdir}/certs/cert-srv.pem
                        certificate_file = ${raddbdir}/certs/cert-srv.pem
                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                        dh_file = ${raddbdir}/certs/dh
                        random_file = ${raddbdir}/certs/random
                        fragment_size = 1024
                        include_length = yes
                        check_crl = yes
                }
                peap {
                        default_eap_type = mschapv2
                }
                mschapv2 {
                }
        }

and the files reside on /usr/local/etc/raddb/certs

[EMAIL PROTECTED] certs]# pwd
/usr/local/etc/raddb/certs
[EMAIL PROTECTED] certs]# ls -al
total 60
drwxr-xr-x    3 root     root         4096 Jan 27 02:34 .
drwxr-xr-x    3 root     root         4096 Jan 27 22:15 ..
-rw-r--r--    1 root     root          681 Jan 27 02:34 cert-clt.der
-rw-r--r--    1 root     root         1701 Jan 27 02:34 cert-clt.p12
-rw-r--r--    1 root     root         2343 Jan 27 02:34 cert-clt.pem
-rw-r--r--    1 root     root          679 Jan 27 02:34 cert-srv.der
-rw-r--r--    1 root     root         1693 Jan 27 02:34 cert-srv.p12
-rw-r--r--    1 root     root         2353 Jan 27 02:34 cert-srv.pem
drwxr-xr-x    6 root     root         4096 Jan 27 02:34 demoCA
-rw-r--r--    1 root     root            0 Jan 27 02:34 dh
-rw-r--r--    1 root     root         2831 Jan 27 02:34 newcert.pem
-rw-r--r--    1 root     root         1724 Jan 27 02:34 newreq.pem
-rw-r--r--    1 root     root         1024 Jan 27 02:34 random
-rw-r--r--    1 root     root          894 Jan 27 02:34 root.der
-rw-r--r--    1 root     root         1909 Jan 27 02:34 root.p12
-rw-r--r--    1 root     root         2643 Jan 27 02:34 root.pem


I compiled  freeradius-snapshot-20040126 with openssl-0.9.7c in my RH7.3 with 2.4.18-3 
kernel.

Anyone has a clue?

I will also try 0.9.3 and see if I get the same problem but if it's a known issue then 
please say so.

Kind Regards to all,

-Yiannis




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TLS problem.

Reply via email to