-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello FreeRADIUS-users,
According to http://wapu.org/projects.php?id=freeradius-eaptls i have built my own FreeRADIUS-debs from 1.0.2-Sources, but :
- --Snap Output "freeradius -X"-- ~ rlm_eap: Loaded and initialized type gtc ~ tls: rsa_key_exchange = no ~ tls: dh_key_exchange = yes ~ tls: rsa_key_length = 512 ~ tls: dh_key_length = 512 ~ tls: verify_depth = 0 ~ tls: CA_path = "(null)" ~ tls: pem_file_type = yes ~ tls: private_key_file = "/etc/freeradius/certs2/[EMAIL PROTECTED]" ~ tls: certificate_file = "/etc/freeradius/certs2/[EMAIL PROTECTED]" ~ tls: CA_file = "/etc/freeradius/certs2/radiustest-cacert.pem" ~ tls: private_key_password = "" ~ tls: dh_file = "/dev/urandom" ~ tls: random_file = "/dev/urandom" ~ tls: fragment_size = 1024 ~ tls: include_length = yes ~ tls: check_crl = no ~ tls: check_cert_cn = "(null)" ~ 7681:error:0200100D:system library:fopen:Permission denied:bss_file.c:104:fopen('/etc/freeradius/certs2/radiustest-cacert.pem','r') ~ 7681:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109: ~ 7681:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274: ~ rlm_eap_tls: Error reading Trusted root CA list ~ rlm_eap: Failed to initialize type tls ~ radiusd.conf[9]: eap: Module instantiation failed.
- --snap eap.conf-file-- ~ tls { ~ private_key_password = ~ private_key_file = /etc/freeradius/certs2/[EMAIL PROTECTED] ~ certificate_file = /etc/freeradius/certs2/[EMAIL PROTECTED] ~ CA_file = /etc/freeradius/certs2/CA/radiustest-cacert.pem ~ dh_file = /etc/freeradius/certs2/DH ~ random_file = /etc/freeradius/certs2/random ~ fragment_size = 1024 ~ include_length = yes ~ # check_crl = yes ~ # check_cert_cn = %{User-Name} ~ }
- --snap users-file--
~ "testuser1" Service-Type == Framed-User ~ Tunnel-Type += 13, ~ Tunnel-Media += 6, ~ Tunnel-Private-Group-Id += 10, ~ "testuser2" Service-Type == Framed-User ~ Tunnel-Type += 13, ~ Tunnel-Media += 6, ~ Tunnel-Private-Group-Id += 99,
I've created the certificates several time according to http://www.ccc.de/congress/2004/fahrplan/ files/100-sicherheit-fuer-hostap-wlans-paper.pdf with TinyCA - they also used FreeRADIUS with EPA-TLS.
Thanky you very much for every help! ~ Mark Wasmer
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: GnuPT-Light 0.2 by EQUIPMENTE.DE Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCSEzFrUtz+gVmmXsRAnZQAJ4izenMZE6IliwH55v0n15md5vKNgCfWjxV BTMJqYeroOa1wKne4pgLL9Q= =MLsK -----END PGP SIGNATURE-----
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html