some trouble EAP-TLS with v1.0.2 on Debian

Mark Wasmer Mon, 28 Mar 2005 08:29:39 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello FreeRADIUS-users,

According to http://wapu.org/projects.php?id=freeradius-eaptls i have
built my own FreeRADIUS-debs from 1.0.2-Sources, but :

- --Snap Output "freeradius -X"--
~ rlm_eap: Loaded and initialized type gtc
~  tls: rsa_key_exchange = no
~  tls: dh_key_exchange = yes
~  tls: rsa_key_length = 512
~  tls: dh_key_length = 512
~  tls: verify_depth = 0
~  tls: CA_path = "(null)"
~  tls: pem_file_type = yes
~  tls: private_key_file = "/etc/freeradius/certs2/[EMAIL PROTECTED]"
~  tls: certificate_file =
"/etc/freeradius/certs2/[EMAIL PROTECTED]"
~  tls: CA_file = "/etc/freeradius/certs2/radiustest-cacert.pem"
~  tls: private_key_password = ""
~  tls: dh_file = "/dev/urandom"
~  tls: random_file = "/dev/urandom"
~  tls: fragment_size = 1024
~  tls: include_length = yes
~  tls: check_crl = no
~  tls: check_cert_cn = "(null)"
~ 7681:error:0200100D:system library:fopen:Permission
denied:bss_file.c:104:fopen('/etc/freeradius/certs2/radiustest-cacert.pem','r')
~ 7681:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
~ 7681:error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib:by_file.c:274:
~ rlm_eap_tls: Error reading Trusted root CA list
~ rlm_eap: Failed to initialize type tls
~ radiusd.conf[9]: eap: Module instantiation failed.

- --snap eap.conf-file--
~ tls {
~ private_key_password =
~ private_key_file = /etc/freeradius/certs2/[EMAIL PROTECTED]
~ certificate_file = /etc/freeradius/certs2/[EMAIL PROTECTED]
~ CA_file = /etc/freeradius/certs2/CA/radiustest-cacert.pem
~ dh_file = /etc/freeradius/certs2/DH
~ random_file = /etc/freeradius/certs2/random
~ fragment_size = 1024
~ include_length = yes
~ #     check_crl = yes
~ #      check_cert_cn = %{User-Name}
~ }

- --snap users-file--

~ "testuser1" Service-Type == Framed-User
~       Tunnel-Type += 13,
~       Tunnel-Media += 6,
~       Tunnel-Private-Group-Id += 10,
~ "testuser2" Service-Type == Framed-User
~       Tunnel-Type += 13,
~       Tunnel-Media += 6,
~       Tunnel-Private-Group-Id += 99,

I've created the certificates several time according to
http://www.ccc.de/congress/2004/fahrplan/
files/100-sicherheit-fuer-hostap-wlans-paper.pdf with TinyCA - they also
used FreeRADIUS with EPA-TLS.


Thanky you very much for every help!
~ Mark Wasmer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: GnuPT-Light 0.2 by EQUIPMENTE.DE
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCSEzFrUtz+gVmmXsRAnZQAJ4izenMZE6IliwH55v0n15md5vKNgCfWjxV
BTMJqYeroOa1wKne4pgLL9Q=
=MLsK
-----END PGP SIGNATURE-----

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

some trouble EAP-TLS with v1.0.2 on Debian

Reply via email to