Re: (Desperate) help setting up freeradius for use with eap-tls and win clients

Federico Carbonetti Thu, 14 Sep 2006 03:04:52 -0700

hello!1st of all, THANKS for replying!:)
unfortunately, when i try to type "radiusd -X -A" the ouput is what follows..


Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "nobody"
main: group = "nobody"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
Cannot switch group; nobody doesn't exist

as i mentioned, maybe the problem is in the permissions/owners.. here
is the list of important files and configuration....

-rw-r--r-- 1 root root   422 2006-09-13 13:25 acct_users
-rw-r--r-- 1 root root  4074 2006-09-13 13:25 attrs
drwxr-xr-x 3 root root  4096 2006-09-13 16:47 certs
-rw-r----- 1 root root   189 2006-09-13 13:25 clients
-rw-r----- 1 root root  2935 2006-09-13 17:18 clients.conf
-rw-r----- 1 root root  2933 2006-09-13 14:01 clients.conf~
-rw-r--r-- 1 root root   935 2006-09-13 13:25 dictionary
-rw------- 1 root root  9974 2006-09-13 18:44 eap.conf
-rw------- 1 root root  9966 2006-09-13 17:38 eap.conf~
-rwxr-xr-x 1 root root  4620 2006-09-13 13:25 example.pl
-rw-r--r-- 1 root root  4405 2006-09-13 13:25 experimental.conf
-rw-r--r-- 1 root root  2396 2006-09-13 13:25 hints
-rw-r--r-- 1 root root  1604 2006-09-13 13:25 huntgroups
-rw-r--r-- 1 root root  2424 2006-09-13 13:25 ldap.attrmap
-rw-r--r-- 1 root root  8786 2006-09-13 13:25 mssql.conf
-rw-r--r-- 1 root root  1020 2006-09-13 13:25 naslist
-rw-r----- 1 root root   856 2006-09-13 13:25 naspasswd
-rw-r--r-- 1 root root 12267 2006-09-13 13:25 oraclesql.conf
-rw-r--r-- 1 root root  7316 2006-09-13 13:25 otp.conf
-rw-r--r-- 1 root root  1734 2006-09-13 13:25 otppasswd.sample
-rw-r--r-- 1 root root 14514 2006-09-13 13:25 postgresql.conf
-rw-r--r-- 1 root root  1039 2006-09-13 13:25 preproxy_users
-rw-r--r-- 1 root root  8834 2006-09-13 13:25 proxy.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:02 radiusd.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:00 radiusd.conf~
-rw-r--r-- 1 root root   187 2006-09-13 13:25 realms
-rw-r--r-- 1 root root  1405 2006-09-13 13:25 snmp.conf
-rw-r--r-- 1 root root 14128 2006-09-13 13:25 sql.conf
-rw-r--r-- 1 root root  3339 2006-09-13 13:25 sqlippool.conf
-rw-r--r-- 1 root root  6940 2006-09-13 13:25 users

and in the derectory cert the permeissions are:

-r--r--r-- 1 root   root 3194 2006-09-13 16:46 cacert.pem
-rw-r--r-- 1 root   root  721 2006-09-13 13:25 cert-clt.der
-rw-r--r-- 1 root   root 1741 2006-09-13 13:25 cert-clt.p12
-rw-r--r-- 1 root   root 2452 2006-09-13 13:25 cert-clt.pem
-rw-r--r-- 1 root   root  717 2006-09-13 13:25 cert-srv.der
-rw-r--r-- 1 root   root 1733 2006-09-13 13:25 cert-srv.p12
-rw-r--r-- 1 root   root 2439 2006-09-13 13:25 cert-srv.pem
drwxr-xr-x 2 root   root 4096 2006-09-13 13:25 demoCA
-r-------- 1 nobody root  466 2006-09-13 16:58 dh
-rw-r--r-- 1 root   root 2913 2006-09-13 13:25 newcert.pem
-rw-r--r-- 1 root   root 1753 2006-09-13 13:25 newreq.pem
-r-------- 1 nobody root 1024 2006-09-13 16:59 random
-rw-r--r-- 1 root   root  431 2006-09-13 13:25 README
-rw-r--r-- 1 root   root  954 2006-09-13 13:25 root.der
-rw-r--r-- 1 root   root 1973 2006-09-13 13:25 root.p12
-rw-r--r-- 1 root   root 2764 2006-09-13 13:25 root.pem
-r-------- 1 nobody root 1815 2006-09-13 16:47 server_keycert.pem

Any idea?
Thanks a lot again!


2006/9/14, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:

Hi,

> changing described in part III of the guide.. But when I finally
> started the server by typing rc.radiusd start It just wrote radiusd as
> response and then the shell prompts for new commands, while I think it
> should say something like "waiting to process..."

that command should just start the service as per normal...which would
drop you back to the shell.  if you want to see radiusd working, then you
need to either supply the forreground or debug flags to it...as in
the documents..

radiusd -X

should do nicely

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: (Desperate) help setting up freeradius for use with eap-tls and win clients

Reply via email to