Hi, has anybody got a FreeRADIUS server working with multiple server certificates?
I've tried the configuration explained below, but freeradius returns error messages.

Module: Instantiated eap (eap1)
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "/home/certificados/store/CAX-CA2"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
 tls: CA_file = "/etc/raddb/certs/cacert.pem"
 tls: private_key_password = "test"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = yes
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap2: Module instantiation failed.
radiusd.conf[1597] Unknown module "eap2".
radiusd.conf[1597] Failed to parse "eap2" entry.

Any help is welcome.

Thanks,
Manel

-------------------------------------------

2. Re : Multiple server certificates in EAP-TLS or EAP-TTLS (Eshun Benjamin)

Message: 2
Date: Wed, 30 May 2007 05:22:30 +0000 (GMT)
From: Eshun Benjamin <[EMAIL PROTECTED]>
Subject: Re : Multiple server certificates in EAP-TLS or EAP-TTLS
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

There was a post on this by Mike:

You'll have to set up two instances of the EAP module. The first instance will have the TLS submodule set up with the information for Cert1.pem (and the appropriate key and CA cert).
The second instance will have its TLS submodule set up with the info for Cert2.pem. It will look something like this:

modules {
    ...
    eap eap1 {
        ...
        tls {
            certificate = Cert1.pem
            ...
        }
    }
    eap eap2 {
        ...
        tls {
            certificate = Cert2.pem
            ...
        }
    }
}

authorize {
    ...
    eap1
}

authenticate {
    ...
    eap1
    eap2
}

Then, this is one of the few instances where you'll need to manually specify the Auth-Type in the users file, like this:

DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1
DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2

Or, better yet, use regexes (this should work):

DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1

==================================================
Benjamin K. Eshun

DISCLAIMER: This e-mail contains proprietary information, some or all of which may be legally protected. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or relay this e-mail.
***************************************************************************
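Mike's two-instance layout gives each eap instance its own certificate, key and CA file, and the debug output in the first message shows rlm_eap_tls stopping at "PEM routines:PEM_read_bio:no start line" while loading a certificate file; that OpenSSL error means the file handed to it contained no "-----BEGIN ...-----" line. The POSIX shell script below is an added example, not from this thread or from the FreeRADIUS project, that pre-checks the files a multi-instance configuration references before radiusd is started: it pulls every certificate_file, private_key_file and CA_file setting (the names visible in the debug output; Mike's "certificate = Cert1.pem" is shorthand) out of a config fragment and verifies that each file exists and carries the PEM marker OpenSSL will look for. The eap.conf fragment, file names and placeholder PEM bodies are all constructed for the demo; eap2's certificate is deliberately non-PEM and its key deliberately absent, to show both ways a file can fail the check.

```shell
#!/bin/sh
# Added example (not from the thread or FreeRADIUS): pre-flight check of the PEM
# files a multi-instance EAP-TLS configuration references. OpenSSL reports
# "PEM routines:PEM_read_bio:no start line" when a file it is asked to read as
# PEM has no "-----BEGIN ...-----" line, so that marker is what we look for.
set -u

# pem_has_block FILE KIND: succeed if FILE is readable and contains a line that
# is exactly "-----BEGIN KIND-----".
pem_has_block() {
    [ -r "$1" ] && grep -q -- "^-----BEGIN $2-----\$" "$1"
}

# check_pem SETTING FILE: accept the marker(s) appropriate for a tls setting.
check_pem() {
    case $1 in
        certificate_file|CA_file)
            pem_has_block "$2" CERTIFICATE ;;
        private_key_file)
            # PKCS#1, PKCS#8 (plain or encrypted) and EC key headers.
            pem_has_block "$2" "RSA PRIVATE KEY" \
            || pem_has_block "$2" "PRIVATE KEY" \
            || pem_has_block "$2" "ENCRYPTED PRIVATE KEY" \
            || pem_has_block "$2" "EC PRIVATE KEY" ;;
        *) return 1 ;;
    esac
}

# check_config_files CONFIG: scan every certificate_file / private_key_file /
# CA_file setting in CONFIG (all eap instances at once) and report each one.
# Exit status is the number of files that would make rlm_eap_tls fail to load.
check_config_files() {
    # Normalise '   setting = "/path"' to 'setting /path', one pair per line.
    pairs=$(grep -E '^[[:space:]]*(certificate_file|private_key_file|CA_file)[[:space:]]*=' "$1" \
            | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*=[[:space:]]*/ /' -e 's/"//g')
    bad=0
    # A here-document keeps the loop in the current shell, so $bad survives it.
    while read -r setting path; do
        [ -n "$setting" ] || continue
        if check_pem "$setting" "$path"; then
            echo "ok   $setting $path"
        else
            echo "FAIL $setting $path (missing, unreadable or no PEM start line)"
            bad=$((bad + 1))
        fi
    done <<EOF
$pairs
EOF
    return "$bad"
}

# make_fixture: write a constructed two-instance eap config plus sample files
# into a temp dir and print the config path. PEM bodies are placeholders, not
# real keys or certificates. eap2's certificate is deliberately not PEM and its
# key file deliberately does not exist.
make_fixture() {
    dir=$(mktemp -d)
    printf -- '-----BEGIN CERTIFICATE-----\nplaceholder-body\n-----END CERTIFICATE-----\n' > "$dir/cert1.pem"
    printf -- '-----BEGIN RSA PRIVATE KEY-----\nplaceholder-body\n-----END RSA PRIVATE KEY-----\n' > "$dir/key1.pem"
    printf -- '-----BEGIN CERTIFICATE-----\nplaceholder-body\n-----END CERTIFICATE-----\n' > "$dir/ca.pem"
    printf 'this is not a PEM file (think: a DER blob or an empty export)\n' > "$dir/cert2.pem"
    cat > "$dir/eap.conf" <<EOF
eap eap1 {
    default_eap_type = tls
    tls {
        certificate_file = "$dir/cert1.pem"
        private_key_file = "$dir/key1.pem"
        CA_file = "$dir/ca.pem"
    }
}
eap eap2 {
    default_eap_type = tls
    tls {
        certificate_file = "$dir/cert2.pem"
        private_key_file = "$dir/key2.pem"
        CA_file = "$dir/ca.pem"
    }
}
EOF
    echo "$dir/eap.conf"
}

# Stand-alone run: check the constructed config and summarise.
cfg=$(make_fixture)
check_config_files "$cfg" || echo "$? file(s) would make rlm_eap_tls fail to initialize"
```

Run it against a real eap.conf (or radiusd.conf for a 1.x layout) by replacing the make_fixture call with the path to the file; settings that are commented out with # are skipped by the leading-whitespace match, and CA_path directories are out of scope since OpenSSL reads those by hash name rather than as a single PEM file.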
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html