wpa_supplicant using EAP-TTLS problem

Yi-Yuan Wang dadai.cm91 at gmail.com
Tue Nov 13 02:36:42 EST 2007


Thanks for your teaching!
I understand more and more about the keying.

I followed your guide from the last mail,
combined server.pem and server.key into server-combined.pem,
and then put it into /usr/local/etc/raddb/certs/.
ca.pem is also placed in the right place.

What I set in eap.conf is:
tls {
    private_key_password = whatever
    private_key_file = ${raddbdir}/certs/server-combined.pem
    certificate_file = ${raddbdir}/certs/server-combined.pem
    CA_file = ${raddbdir}/certs/demoCA/ca.pem
    dh_file = ${raddbdir}/certs/dh
    random_file = /dev/urandom
    fragment_size = 1024
}

After setup, I started radius with "radiusd -f -X",
but it did not work normally.
The screen shows:

(the output above this point is omitted)
Module: Loaded eap
 eap: default_eap_type = "ttls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/server-combined.pem"
 tls: certificate_file = "(null)"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/ca.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/dev/urandom"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0200100E:system library:fopen:Bad address
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1960] Unknown module "eap".
radiusd.conf[1907] Failed to parse authenticate section.

If I change private_key_file and certificate_file back to the original file
"cert-srv.pem",
it works normally.
For this reason,
is there something I have to replace but have not yet?
Or is something I set mismatched?
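
Added example, not part of the original message and not FreeRADIUS code: a small check that reads "radiusd -X" debug output like the lines above, lists the tls file settings that were printed as "(null)", and confirms that a combined PEM file carries both a certificate and a private key. The function names and the PEM skeleton are constructed for illustration.

```python
import re

# File settings from the tls{} block above that must resolve to real paths.
REQUIRED_FILES = ("private_key_file", "certificate_file", "CA_file", "dh_file")

# Matches debug lines such as:  tls: certificate_file = "(null)"
SETTING_RE = re.compile(r'^\s*tls:\s*(\w+)\s*=\s*"?(.*?)"?\s*$')

def parse_tls_settings(debug_output):
    """Return {name: value} for every 'tls:' line in radiusd -X output."""
    settings = {}
    for line in debug_output.splitlines():
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def unresolved_files(settings):
    """Names of required file settings that are absent or printed as (null)."""
    return [k for k in REQUIRED_FILES if settings.get(k, "(null)") == "(null)"]

def pem_block_types(pem_text):
    """Labels of the PEM blocks in a file, e.g. ['CERTIFICATE', 'RSA PRIVATE KEY']."""
    return re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)

def combined_pem_ok(pem_text):
    """A combined file must hold at least one certificate and one private key."""
    types = pem_block_types(pem_text)
    return "CERTIFICATE" in types and any(t.endswith("PRIVATE KEY") for t in types)

# Lines copied from the debug output in the message above.
SAMPLE_LOG = '''\
 tls: private_key_file = "/usr/local/etc/raddb/certs/server-combined.pem"
 tls: certificate_file = "(null)"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/ca.pem"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
'''

# Constructed PEM skeleton: bodies left out, only the block labels matter here.
SAMPLE_PEM = '''\
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
'''

if __name__ == "__main__":
    print("unresolved:", unresolved_files(parse_tls_settings(SAMPLE_LOG)))
    print("combined PEM has cert and key:", combined_pem_ok(SAMPLE_PEM))
```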


More information about the HostAP mailing list