Hi again,
On my quest to get working FreeRadius with Active Directory, I am now stuck
in the TLS section.
Following some posts on the list ntlm_auth requires mschapv2 and mschapv2
requires peap which needs tls to work!
So I tried this but without success. I'm using the default example
certificates. It looks like the errors are in the source files.
That's what I get when executing radiusd:
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "(null)"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "SecretKeyPass77"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
4121:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:632:Expecting: CERTIFICATE
4121:error:0200100E:system library:fopen:Bad
address:bss_file.c:259:fopen('','r')
4121:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
4121:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system
lib:ssl_rsa.c:513:
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.
What could be wrong? I just followed the description of the conf files and
some hints on the list here.
Regards,
Pete
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
