Hi everybody. I am trying to set up an access point on Linux, using madwifi-ng, Debian sarge with kernel 2.6.13, and the FreeRADIUS package supplied on the Debian installation CDs. To add more security I decided to use hostapd together with FreeRADIUS. I first generated my own certificates with openssl, and my hostapd configuration refers to the FreeRADIUS files and directories. Here is my radiusd.conf file (the comments below are reviewer notes, not part of the original file):

# Top-level radiusd.conf settings (paths, process identity, limits, logging).
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
# Modules such as rlm_eap_tls.so are loaded from here; the startup error
# quoted below means the .so could not be found/opened under this directory.
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
# NOTE(review): running the daemon as root is more privilege than a network
# authentication server needs. The only thing in this file that requires
# root is the unix module reading /etc/shadow (modules section below); if
# that module is not needed for EAP-TLS users, drop it and run as an
# unprivileged user/group (the Debian package ships one) so a bug in the
# RADIUS/EAP parser does not hand out root.
user = root
group = root
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listen only on the LAN-side address, not on every interface.
bind_address = 192.168.50.1
# port = 0: the listening port is not fixed here (presumably resolved from
# /etc/services) - confirm the daemon ends up on 1812 rather than 1645.
port = 0
hostname_lookups = no
# Keep this off: a core file could contain the private key password and
# any cleartext credentials that were in flight.
allow_core_dumps = no
regular_expressions     = yes
extended_expressions    = yes
log_stripped_names = no
# NOTE(review): with log_auth = no there is no record of who authenticated
# or failed, which makes incident response blind. log_auth = yes is the
# usual setting; keep the two *pass options at "no" so passwords never
# land in the log file.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = before
# NOTE(review): lower_pass / nospace_pass = before rewrite the supplied
# password before it is checked, which shrinks the effective password
# space (case and spaces no longer count). Unless some NAS mangles
# passwords, these are normally left at "no".
lower_pass = before
nospace_user = before
nospace_pass = before
# Hardening knobs: bound the number of attributes parsed per packet,
# delay Access-Reject replies (slows online password guessing), and do
# not answer Status-Server probes.
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
# Proxying is enabled; realms not handled locally are forwarded according
# to proxy.conf (not shown). clients.conf (not shown) holds the NAS list
# and shared secrets - the hostapd AP must be listed there with a strong,
# non-default secret, and that file should not be world-readable.
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf
# SNMP agent disabled (snmp.conf is still included but inactive).
snmp    = no
$INCLUDE  ${confdir}/snmp.conf
# Worker thread pool sizing; max_requests_per_server = 0 means threads are
# never recycled after a fixed number of requests.
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# Module definitions. Only modules referenced in the authorize/authenticate/
# accounting sections further down are actually used; the rest are inert
# but still parsed at startup.
modules {
# PAP: the cleartext User-Password is compared against crypt(3) hashes.
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
# unix: reads /etc/shadow directly - this is the reason the daemon is
# configured to run as root above. It is called unconditionally in
# "authenticate" below.
unix {
cache = no
cache_reload = 600
shadow = /etc/shadow
radwtmp = ${logdir}/radwtmp
}

# EAP (TLS, TTLS, PEAP inner methods, ...) is configured in eap.conf,
# quoted later in this message.
$INCLUDE ${confdir}/eap.conf
# mschap: MS-CHAP/MS-CHAPv2 should only be relied on inside a TLS tunnel
# (TTLS/PEAP); on its own it is exposed to offline attacks on the
# challenge/response.
mschap {
}
# ldap: placeholder values ("ldap.your.domain", "o=My Org,c=UA") and not
# referenced by any section below, so inactive. If it is ever enabled,
# note start_tls = no means the bind and the user lookups would cross the
# network in clear.
ldap {
server = "ldap.your.domain"
basedn = "o=My Org,c=UA"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
# Realm splitters; only "suffix" (user@realm) is used in authorize/preacct.
realm IPASS {
format = prefix
delimiter = "/"
ignore_default = no
ignore_null = no
}
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
realm realmpercent {
format = suffix
delimiter = "%"
ignore_default = no
ignore_null = no
}
realm ntdomain {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
# Flat-file users database (${confdir}/users); contains per-user secrets
# when PAP/CHAP is used, so keep it unreadable to other local users.
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}

        # Accounting detail files are created owner-only (0600) - good, they
        # carry usernames, MACs and session data.
        detail {
                detailperm = 0600
        }

        acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
        }

        # sql.conf is included but no "sql" module is referenced below.
        $INCLUDE  ${confdir}/sql.conf

        # Session table used for simultaneous-use checks; owner-only perms.
        radutmp {
                filename = ${logdir}/radutmp
                username = %{User-Name}
        case_sensitive = no
                check_with_nas = yes
                perm = 0600
        callerid = "yes"
        }

        # World-readable (0644) copy without caller-id; presumably intended for
        # "radwho"-style tools - confirm that is wanted, since it exposes who is
        # online to every local user.
        radutmp sradutmp {
                filename = ${logdir}/sradutmp
                perm = 0644
                callerid = "no"
        }

        attr_filter {
                attrsfile = ${confdir}/attrs
        }

        counter daily {
                filename = ${raddbdir}/db.daily
                key = User-Name
                count-attribute = Acct-Session-Time
                reset = daily
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                allowed-servicetype = Framed-User
                cache-size = 5000
        }

        always fail {
                rcode = fail
        }
        always reject {
                rcode = reject
        }
        always ok {
                rcode = ok
                simulcount = 0
                mpp = no
        }

        expr {
        }

        digest {
        }

        exec {
                wait = yes
                input_pairs = request
        }

        # Example only and not referenced by any section below. If something
        # like this is ever wired in, remember that %{User-Name} is supplied by
        # the (unauthenticated) client and is being expanded into a command
        # line - treat it as untrusted input.
        exec echo {
                wait = yes
        program = "/bin/echo %{User-Name}"
                input_pairs = request
                output_pairs = reply
        }

        ippool main_pool {
                range-start = 192.168.1.1
                range-stop = 192.168.3.254
                netmask = 255.255.255.0
                cache-size = 800
                session-db = ${raddbdir}/db.ippool
                ip-index = ${raddbdir}/db.ipindex
                override = no
                maximum-timeout = 0
        }
}

# Modules to load at startup even though they are not listed in a section.
instantiate {
        exec
        expr
}

# authorize: decides the Auth-Type. For 802.1X the "eap" module claims
# EAP-Message requests; "files" then supplies per-user check/reply items.
authorize {
        preprocess
        chap
        mschap
        suffix
eap
        files
}

# authenticate: runs the module matching Auth-Type. "unix" is listed
# without an Auth-Type guard, so it is the module that needs /etc/shadow
# access (and therefore root) on every non-EAP request; "eap" handles the
# EAP-TLS conversation with the supplicant.
authenticate {
        Auth-Type PAP {
                pap
        }

        Auth-Type CHAP {
                chap
        }

        Auth-Type MS-CHAP {
                mschap
        }
        unix
        eap
}

# preacct: normalise accounting packets before they are logged.
preacct {
        preprocess
        acct_unique
        suffix
files
}

# accounting: write detail files, the radwtmp (unix) and radutmp logs.
accounting {
        detail
        unix
        radutmp
}

# session: Simultaneous-Use checks are answered from the radutmp file.
session {
        radutmp
}

# post-auth: empty; nothing runs after a successful/failed authentication.
post-auth {
}

# pre-proxy: empty; requests are forwarded per proxy.conf without filtering.
pre-proxy {
}

# post-proxy: let the eap module process replies that came back from a
# home server.
post-proxy {
        eap
}

and here is the eap.conf file:

        # EAP configuration. default_eap_type = tls means clients that do not
        # say otherwise are offered EAP-TLS (certificate-based mutual auth).
        eap {
                default_eap_type = tls
                timer_expire     = 60
                ignore_unknown_eap_types = no
                cisco_accounting_username_bug = no

                # NOTE(review): EAP-MD5 gives no mutual authentication and
                # derives no keying material, so it is not usable for a WPA/
                # 802.1X key exchange as an outer method; listing it here lets a
                # client negotiate it. Remove unless something needs it.
                md5 {
                }

                # NOTE(review): LEAP has well-known offline dictionary weaknesses;
                # disable unless required by legacy Cisco clients.
                leap {
                }


                gtc {
                        auth_type = PAP
                }


                # rlm_eap_tls.so is the module named in the startup error below;
                # it is looked up under libdir (/usr/lib/freeradius). Check that
                # the file is actually installed there - Debian packages of this
                # era are reported to omit EAP-TLS (OpenSSL licence issue), in
                # which case it has to be built from source; confirm.
                tls {
                        # NOTE(review): this password has been posted to a public
                        # list; change it and re-encrypt the key before going live.
                        private_key_password = wlanserver
                        # NOTE(review): the server is configured to use the CA's own
                        # private key (cakey.pem) and the CA certificate as its
                        # identity. That keeps the signing key on a network-facing
                        # daemon and makes every client trust the CA as "the
                        # server". The usual layout is: CA key kept offline,
                        # a separate server key/cert signed by that CA here, and
                        # CA_file = the CA cert used to verify client certs.
                        # (The two "= " lines below are wrapped by the mailer;
                        # the real file must have the path on the same line.)
                        private_key_file = 
/etc/freeradius/certs/miscerts/private/cakey.pem
                        # certificate_file must be PEM; confirm the .crt file is
                        # PEM-encoded (CA_file uses the .pem variant).
                        certificate_file = 
/etc/freeradius/certs/miscerts/cacert.crt
                        CA_file = /etc/freeradius/certs/miscerts/cacert.pem
                        dh_file = /etc/freeradius/certs/dh
                        random_file = /etc/freeradius/certs/random
                        fragment_size = 1024
                }


                # TTLS: inner method defaults to MD5 inside the TLS tunnel; the
                # tunnel, not MD5, provides the protection here.
                ttls {
                        default_eap_type = md5
                        copy_request_to_tunnel = no
                        use_tunneled_reply = no
                }

                mschapv2 {
                }
        }

Well, the problem is: when I run `freeradius -X` I get this error:

rlm_eap:Failed to link EAP-Type/tls: rlm_eap_tls.so:cannot open shared object:no such file or directory
radiusd.conf[9]:eap:instantation failed

So, could anybody help me? Why does this error occur (the loader cannot find rlm_eap_tls.so under the configured libdir), and how can I solve it?
Thanks for your help.
