Re: New EAP/TLS + MPPE WinXP HOWTO questions with creating CertificateAuthority (CA)

2002-11-03 Thread augustine tsai 
David,

read the error messages.  look likes u are missing some of the 
files..eg. newcert..pem, tranda1.p12...

where do your find Raymond Mckay's file?

There is another EAP/TLS howto, http://www.freeradius.org/doc/EAPTLS.pdf

Augustine
David Tran wrote:

To All,
I've followed Raymond Mckay EAP/TLS MPPE WinXP(SP1) HOWTO step-by-step
on my RedHat Linux 8.  Everything works great except on Chapter 6 
where I have
run into problems with "Certficate Generation" where the CA.root 
scripts work but
the CA.svr and CA.clt do not.  Here are the errors below.  As a new 
linux user,
I don't know what I need to do in making it work.  Please help.
 
Raymond, I can that you have me and other linux users with your 
instructions.
I would like to say "THANK YOU!".
 
David Tran
[EMAIL PROTECTED] 
 
0) The machine is running Redhat Linux 8.0.  This machine hostname is 
resolved by
DNS server as "linux-radius.micronetsolution.com" to 172.16.1.2
 
1) download the 0.9.6g 
, 
0.9.7-beta3 
, 
SNAP-20021027 
 and 
snapshot-20021028 

 
2) unzip, untar and compile and everything looks good.  By the way, I 
use the same
layout directory as described by you in instructions.  Look good 
so far,
 
3) modify the Makefile in src/modules/rlm_eap/types/rlm_eap_tls and 
type "make",
Look good.
 
3a) modify the openssl.conf to suit my need (basically, put in my 
email, location, etc...)
 
4) Certificate Generation.  I copy the CA.root, CA.svr, CA.clt from 
the instructions.  I change the
password from "whatever" to "test123",
 
5) when I run CA.root, look good
 
6) when I run CA.svr and CA.clt, I am getting error:
 
here are the errors:
[root@linux-radius ssl]# pwd
/usr/local/openssl-certgen/ssl
[root@linux-radius ssl]# ls -l
total 64
-rwx--1 root root 1731 Nov  2 10:25 CA.clt
-rwx--1 root root 2208 Nov  2 10:25 CA.root
-rwx--1 root root 1674 Nov  2 10:25 CA.svr
drwxr-xr-x2 root root 4096 Nov  1 15:11 certs
drwxr-xr-x6 root root 4096 Nov  2 10:25 demoCA
drwxr-xr-x2 root root 4096 Nov  1 15:11 lib
drwxr-xr-x6 root root 4096 Nov  1 15:07 man
drwxr-xr-x2 root root 4096 Nov  1 15:11 misc
-rw-r--r--1 root root 7665 Nov  2 10:22 openssl.cnf
-rw-r--r--1 root root 7521 Nov  2 07:48 openssl.cnf.orig
drwxr-xr-x2 root root 4096 Nov  1 15:11 private
-rw-r--r--1 root root  986 Nov  2 10:25 root.der
-rw-r--r--1 root root 2005 Nov  2 10:25 root.p12
-rw-r--r--1 root root 2844 Nov  2 10:25 root.pem
[root@linux-radius ssl]# ls
CA.clt  CA.root  CA.svr  certs  demoCA  lib  man  misc  openssl.cnf  
openssl.cnf.orig  private  root.der  root.p12  root.pem
[root@linux-radius ssl]# CA.root
*
Creating self-signed private key and certificate
When prompted override the default value for the Common Name field
*
 
Generating a 1024 bit RSA private key
..++
..++
writing new private key to 'newreq.pem'
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or 
a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [US]:
State or Province Name (full name) [Maryland]:
Locality Name (eg, city) [Beltsville]:
Organization Name (eg, company) [micronetsolution]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) [Micronetsolution Wireless Network]:
Email Address [[EMAIL PROTECTED]]:
*
Creating a new CA hierarchy (used later by the ca command) with the 
certificate
and private key created in the last step
*
 
*
Creating ROOT CA
*
 
MAC verified OK
[root@linux-radius ssl]# CA.svr linux-radius
*
Creating server private key and certificate
When prompted enter the server name in the Common Name field.

unsubscribe

2002-10-17 Thread augustine tsai 
Please remove me from your list.

Thanks.

Augustine


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

configure Cisco AP340 for Radius

2002-10-03 Thread augustine tsai 

Hi,

Is there anyone know how to configure Cisco Airnet 340 (AP340) through
the web browser? There is a serial port at the back of AP340.  I would
like to modify the Authenticator Configuration.  I am setting up
supplicant on XP and a FreeRadius on the Linux box.

Here is my setup.

__  __   
__
| dsl modem | <--->| linksys dsl router| <>| AP340  | <> | linux
radius|
-  ---
----

I hook up AP340 to a Linksys 4 ports DSL router. The Linksys hook up to
DSL Modelm.  The Linksys DSL router has a DHCP server.  I can access
Linksys DSL router at 192.168.1.1.  Is there any default IP address for
AP340?

Thanks for the help.

Augustine


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

specify shadow passwd file

2002-07-18 Thread Augustine Tsai 

Hi,

I have downloaded freeradius-0.6.  
I tried to run >radiusd -X -A

and get the following message.
>unix: cache=yes
>unix: passwd = "/etc/passed"
>unix: shadow = "(null)"
.
.
HASH: Reinitializing hash structures and lists for caching...
rlm_unix: you MUST specify a shadow password file!
HASH: unable to create uses hash table. disable caching and run debugs
radiusd.conf[426]: unix: Module instantiation failed.


Do you have to configure the Radius server before you run the deamon?
How to specify the shadow password file.

Thanks in advance.

Augustine


Augustine Tsai, Ph.D   
Multimedia Communication Research
Room 2D-443 
Lucent Technologies
600-700 Mountain Ave. 
Murray Hill, NJ 07974-0636
tel: 908-582-6519  
fax: 908-582-3306  
[EMAIL PROTECTED] 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html