Hi Allan, Sorry that It was a mistake to say that I made changes at the config files. In fact I didn't not change anything on radiusd.conf and the only change I made at eap.conf is this line;
default_eap_type = peap As it was md5 before. Yes, I run all the commands as a root. Is this wrong? When I run the bootstrap script, again, as a root, here is what I get; comp-010:/etc/raddb/certs # ./bootsrap bash: ./bootsrap: No such file or directory comp-010:/etc/raddb/certs # ./bootstrap make: Nothing to be done for `ca'. make: Nothing to be done for `server'. make: `dh' is up to date. make: `random' is up to date. comp-010:/etc/raddb/certs # I will use the default certs for just testing purposes. Once I make this work with defaults ones, I will sure go ahead and create new certificates. But at this moment, all I want to see a working version of PEAP authentication in my test environment. Thank you George Knight On Thu, May 1, 2008 at 2:00 AM, Alan DeKok <[EMAIL PROTECTED]> wrote: > George KNIGHT wrote: > > A person like you who is dealing with freeradius on a daily basis may > > have a tendency of thinking that using/installing/troubleshooting > > freeradius is very easy. > > The goal is to *make* it that easy. A large number of problems on the > list are because people think it's complicated, and start changing large > amounts of the default config. > > > Based on the feedback I > > got from people, everyone seems to agree that it provided them a simple > > and easy to follow steps for the installation. I felt happy that I > > helped other people the way that I was helped at all the time through > > different forums on the internet. > > Based on the feedback I've seen, I've edited/updated the software > itself to be easier to use. I don't like reading "howto's", because > many are out of date, and many others are simply wrong. I would > *prefer* that people shipped software that worked, and was easy to use. > > > When I started implementing the FreeRadius, I thought I would find some > > documentation to start with. But unfortunately, after spending days, i > > couldn't find such a document. The more I read, the more i surprised > > that I couldn't figure this out. I know that it shouldn't be much > > difficult but here I am still struggling to make this work. > > The 5-6 line instructions I gave are all that's needed. > > > I installed the FreeRadous 2.0.2 with Yast tool with SuSE SLES. It > > installed it OK. And then i made changes to eap.conf and radiusd.conf > > files to start my test. I run radiusd -X and here is what I got; > > Why change eap.conf && radiusd.conf? > > > # radiusd -X > ... > > rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied > > That should be a pretty simple problem to fix. It's file permissions... > > Are you starting the server as root? > > > And other thing is that the command bootstrap couldn't finish creating > > certificates. > > Why not? What's the error message? Is it secret? > > Did you run the "bootstrap" script as root? > > > How may I solve this problem. And if finish creating > > certs successfully, which certificates should I install to the XP SP2 > > client and where? > > To be honest, you *shouldn't* install the default certificates. > They're only for testing. > > For testing, un-check the "validate server certificate" in XP. > > For real certificates, edit the conf files as described in the > raddb/certs/ documentation, and re-build the certs. Then, install the > CA cert, as described in the EAP-TLS howto... with pictures. > > > You suggested to read the file > > at http://freeradius.org/doc/EAPTLS.pdf but believe me it didn't help > > me. And it also gives information for TLS implementation. NOthing for > PEAP. > > PEAP *is* EAP-TLS. It's a variation of EAP-TLS, and all of the > certificate requirements for EAP-TLS apply to PEAP, too. > > If you have any ideas for what documentation needs to be updated, > please submit suggested text. We can include it in the next release. > > But my experience (unfortunately) is that the people who have the most > problems are reading third-party "howtos" that are *wrong*, and are > ignoring the server documentation that is *right*. That's a problem I > can't fix. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
