some trouble EAP-TLS with v1.0.2 on Debian

This is a discussion on some trouble EAP-TLS with v1.0.2 on Debian within the FreeRADIUS Users forums, part of the Networking and Network Related category.


03-28-2005
Mark Wasmer


Hello FreeRADIUS-users,

According to http://wapu.org/projects.php?id=freeradius-eaptls I have
built my own FreeRADIUS-debs from 1.0.2-Sources, but:

--Snap Output "freeradius -X"--
    rlm_eap: Loaded and initialized type gtc
    tls: rsa_key_exchange = no
    tls: dh_key_exchange = yes
    tls: rsa_key_length = 512
    tls: dh_key_length = 512
    tls: verify_depth = 0
    tls: CA_path = "(null)"
    tls: pem_file_type = yes
    tls: private_key_file = "/etc/freeradius/certs2/admin@gws-loe.de-key.pem"
    tls: certificate_file = "/etc/freeradius/certs2/admin@gws-loe.de-cert.pem"
    tls: CA_file = "/etc/freeradius/certs2/radiustest-cacert.pem"
    tls: private_key_password = ""
    tls: dh_file = "/dev/urandom"
    tls: random_file = "/dev/urandom"
    tls: fragment_size = 1024
    tls: include_length = yes
    tls: check_crl = no
    tls: check_cert_cn = "(null)"
    7681:error:0200100D:system library:fopen:Permission denied:bss_file.c:104:fopen('/etc/freeradius/certs2/radiustest-cacert.pem','r')
    7681:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
    7681:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
    rlm_eap_tls: Error reading Trusted root CA list
    rlm_eap: Failed to initialize type tls
    radiusd.conf[9]: eap: Module instantiation failed.

--snap eap.conf-file--
    tls {
        private_key_password =
        private_key_file = /etc/freeradius/certs2/admin@gws-loe.de-key.pem
        certificate_file = /etc/freeradius/certs2/admin@gws-loe.de-cert.pem
        CA_file = /etc/freeradius/certs2/CA/radiustest-cacert.pem
        dh_file = /etc/freeradius/certs2/DH
        random_file = /etc/freeradius/certs2/random
        fragment_size = 1024
        include_length = yes
        # check_crl = yes
        # check_cert_cn = %{User-Name}
    }

--snap users-file--

    "testuser1" Service-Type == Framed-User
        Tunnel-Type += 13,
        Tunnel-Media += 6,
        Tunnel-Private-Group-Id += 10,
    "testuser2" Service-Type == Framed-User
        Tunnel-Type += 13,
        Tunnel-Media += 6,
        Tunnel-Private-Group-Id += 99,

I've created the certificates several times according to
http://www.ccc.de/congress/2004/fahrplan/files/100-sicherheit-fuer-hostap-wlans-paper.pdf
with TinyCA - they also used FreeRADIUS with EAP-TLS.


Thank you very much for any help!
Mark Wasmer

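Added example, not part of the original post: a small diagnostic for the output quoted above. It compares the values the server reports loading in `freeradius -X` with the `tls { }` block of an eap.conf, and finds the first path component a given uid cannot traverse or read, judged by mode bits only. The sample text is copied from the post; the function names are illustrative and the permission model (no ACLs, no capabilities) is an assumption.

```python
import os
import re

# Sample lines copied from the post above (debug output, then eap.conf).
DEBUG = '''tls: private_key_password = ""
tls: CA_file = "/etc/freeradius/certs2/radiustest-cacert.pem"
tls: dh_file = "/dev/urandom"
tls: random_file = "/dev/urandom"
'''
CONF = '''tls {
    private_key_password =
    CA_file = /etc/freeradius/certs2/CA/radiustest-cacert.pem
    dh_file = /etc/freeradius/certs2/DH
    random_file = /etc/freeradius/certs2/random
    # check_cert_cn = %{User-Name}
}
'''

def loaded_tls(debug_text):
    """Values the server reports having loaded ('tls: key = "value"' lines)."""
    pairs = re.findall(r'tls:[ \t]*(\w+)[ \t]*=[ \t]*(.*)', debug_text)
    return {k: v.strip().strip('"') for k, v in pairs}

def configured_tls(conf_text):
    """Uncommented key = value pairs inside the tls { } block."""
    text = re.sub(r'#.*', '', conf_text)          # comments may contain '}'
    body = re.search(r'\btls\s*\{(.*?)\}', text, re.S).group(1)
    pairs = re.findall(r'^[ \t]*(\w+)[ \t]*=[ \t]*(.*)$', body, re.M)
    return {k: v.strip().strip('"') for k, v in pairs}

def mismatches(loaded, configured):
    """key -> (configured, loaded) where the running server differs from the file."""
    return {k: (v, loaded.get(k)) for k, v in configured.items() if loaded.get(k) != v}

def blocked_at(path, uid, gids, start="/"):
    """First component below `start` that uid/gids cannot traverse (directory)
    or read (final file), judged by owner/group/other mode bits only
    (ACLs, capabilities and uid 0 are not modelled)."""
    parts = os.path.relpath(path, start).split(os.sep)
    cur = start
    for i, part in enumerate(parts):
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        need = 4 if i == len(parts) - 1 else 1    # r on the file, x on directories
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        if not (st.st_mode >> shift) & need:
            return cur
    return None

if __name__ == "__main__":
    for key, (conf, live) in mismatches(loaded_tls(DEBUG), configured_tls(CONF)).items():
        print(f"{key}: eap.conf={conf!r} loaded={live!r}")
```

To check a real installation, pass the uid and group ids of the account the daemon runs as together with the path named in the `fopen` error.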
