Failed to initialize type tls

Francisco Javier Valdera Garcia
Hi,

I'm installing a 2.1.7 radius server, using a configuration developed in
a test environment. The configuration worked great in the test
environment, but I'm finding some problems in the production
environment. The output from radiusd -CX is as follows:

Module: Instantiating eap
  eap {
    default_eap_type = "ttls"
    timer_expire = 60
    ignore_unknown_eap_types = yes
    cisco_accounting_username_bug = yes
    max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/servicios.key"
    certificate_file = "/etc/raddb/certs/servicios.pem"
    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
    dh_file = "/etc/raddb/certs/dh"
    random_file = "/etc/raddb/certs/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
   }
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[293]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[240]: Errors parsing authenticate section.


Can anyone help me?

Thanks a lot.

Francisco Javier Valdera.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Failed to initialize type tls

A.L.M.Buxey
Hi,

>    private_key_file = "/etc/raddb/certs/servicios.key"
>    certificate_file = "/etc/raddb/certs/servicios.pem"
>    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
>    dh_file = "/etc/raddb/certs/dh"
>    random_file = "/etc/raddb/certs/random"
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> rlm_eap_tls: Error loading randomness
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ensure that all the files are present - including your random file
and permissions are correct

alan

Re: Failed to initialize type tls

Francisco Javier Valdera Garcia
Alan Buxey wrote:

> Hi,
>
>  
>>    private_key_file = "/etc/raddb/certs/servicios.key"
>>    certificate_file = "/etc/raddb/certs/servicios.pem"
>>    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
>>    dh_file = "/etc/raddb/certs/dh"
>>    random_file = "/etc/raddb/certs/random"
>>    
>             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>  
>> rlm_eap_tls: Error loading randomness
>>    
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ensure that all the files are present - including your random file
> and permissions are correct
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>  
This is the output from a ls command:

# ls -lh certs
total 100K
-rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
-rw-r----- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
-rw-r----- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 client.cnf
-rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
-rw-r----- 1 root radiusd 4,3K sep 18 16:59 Makefile
-rw-rw---- 1 root radiusd    0 oct 26 11:09 random
-rw-r----- 1 root radiusd 7,7K sep 18 16:59 README
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 server.cnf
-rw-r----- 1 root radiusd 1,7K oct 21 11:19 servicios.key
-rw-r----- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
-rw-r----- 1 root radiusd  578 sep 18 16:59 xpextensions

Can you see anything wrong?

Thanks.

F.J. Valdera.

Re: Failed to initialize type tls

A.L.M.Buxey
Hi,

> This is the output from a ls command:
>
> # ls -lh certs
> total 100K
> -rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
> -rw-r----- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
> -rw-r----- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
> -rw-r----- 1 root radiusd 1,1K sep 18 16:59 client.cnf
> -rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
> -rw-r----- 1 root radiusd 4,3K sep 18 16:59 Makefile
> -rw-rw---- 1 root radiusd    0 oct 26 11:09 random
> -rw-r----- 1 root radiusd 7,7K sep 18 16:59 README
> -rw-r----- 1 root radiusd 1,1K sep 18 16:59 server.cnf
> -rw-r----- 1 root radiusd 1,7K oct 21 11:19 servicios.key
> -rw-r----- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
> -rw-r----- 1 root radiusd  578 sep 18 16:59 xpextensions
>
> Can you see anything wrong?

err yes - look at that entry for 'random' - it's blank.

alan

Re: Failed to initialize type tls

Francisco Javier Valdera Garcia
Alan Buxey wrote:

> Hi,
>
>  
>> This is the output from a ls command:
>>
>> # ls -lh certs
>> total 100K
>> -rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
>> -rw-r----- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
>> -rw-r----- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
>> -rw-r----- 1 root radiusd 1,1K sep 18 16:59 client.cnf
>> -rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
>> -rw-r----- 1 root radiusd 4,3K sep 18 16:59 Makefile
>> -rw-rw---- 1 root radiusd    0 oct 26 11:09 random
>> -rw-r----- 1 root radiusd 7,7K sep 18 16:59 README
>> -rw-r----- 1 root radiusd 1,1K sep 18 16:59 server.cnf
>> -rw-r----- 1 root radiusd 1,7K oct 21 11:19 servicios.key
>> -rw-r----- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
>> -rw-r----- 1 root radiusd  578 sep 18 16:59 xpextensions
>>
>> Can you see anything wrong?
>>    
>
> err yes - look at that entry for 'random' - it's blank.
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>  
OK, I have executed the bootstrap script, and now I have

# ls -lh certs
total 224K
-rw-r----- 1 root root    4,2K oct 26 12:16 01.pem
-rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
-rw-r----- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
-rw-r----- 1 root root    1,2K oct 26 12:16 ca.der
-rw-r----- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
-rw-r----- 1 root root    1,8K oct 26 12:16 ca.key
-rw-r----- 1 root root    1,7K oct 26 12:16 ca.pem
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 client.cnf
-rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
-rw-r----- 1 root root     120 oct 26 12:16 index.txt
-rw-r----- 1 root root      21 oct 26 12:16 index.txt.attr
-rw-r----- 1 root root       0 oct 26 12:16 index.txt.old
-rw-r----- 1 root radiusd 4,3K sep 18 16:59 Makefile
-rw-r----- 1 root root    5,0K oct 26 12:16 random
-rw-r----- 1 root radiusd 7,7K sep 18 16:59 README
-rw-r----- 1 root root       3 oct 26 12:16 serial
-rw-r----- 1 root root       3 oct 26 12:16 serial.old
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 server.cnf
-rw-r----- 1 root root    4,2K oct 26 12:16 server.crt
-rw-r----- 1 root root    1,1K oct 26 12:16 server.csr
-rw-r----- 1 root root    1,8K oct 26 12:16 server.key
-rw-r----- 1 root root    2,5K oct 26 12:16 server.p12
-rw-r----- 1 root root    3,5K oct 26 12:16 server.pem
-rw-r----- 1 root radiusd 1,7K oct 21 11:19 servicios.key
-rw-r----- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
-rw-r----- 1 root radiusd  578 sep 18 16:59 xpextensions

but still the same problem:

rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[293]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[240]: Errors parsing authenticate section.

I don't know what to do.

Thanks for your help.

F.J. Valdera.

Re: Failed to initialize type tls

Francisco Javier Valdera Garcia
In reply to this post by A.L.M.Buxey
Ignore my last post. It was a permission issue. It's solved.

Thanks again for your help.

F.J. Valdera.
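
The two causes found in this thread (a zero-byte random file, then files the server account could not read) can be checked in one pass over the `radiusd -CX` output. This is an added example, not part of the original posts; the account name `radiusd`, the function names and the sample block are assumptions.

```python
import re
import stat
import sys

# Constructed excerpt modelled on the tls block printed by `radiusd -CX`.
SAMPLE_TLS_BLOCK = '''
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/servicios.key"
    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
    random_file = "/etc/raddb/certs/random"
'''

def tls_file_paths(config_text):
    """Map each *_file setting (random_file, CA_file, ...) to its path."""
    return dict(re.findall(r'\b(\w+_file)\s*=\s*"([^"]+)"', config_text))

def diagnose(size, mode, owner_uid, owner_gid, uid, gids):
    """Classify one file for a daemon running as uid with group ids gids."""
    if uid == 0:
        readable = True
    elif uid == owner_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif owner_gid in gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    if not readable:
        return "unreadable"
    return "empty" if size == 0 else "ok"

def check_files(config_text, uid, gids, stat_fn):
    """Run diagnose() over every file named in the config text."""
    report = {}
    for key, path in tls_file_paths(config_text).items():
        try:
            st = stat_fn(path)
        except OSError:
            report[key] = "missing"
            continue
        report[key] = diagnose(st.st_size, st.st_mode, st.st_uid, st.st_gid, uid, gids)
    return report

if __name__ == "__main__":
    import grp, os, pwd
    user = pwd.getpwnam("radiusd")  # assumed name of the server account
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem}
    for key, result in check_files(sys.stdin.read(), user.pw_uid, gids, os.stat).items():
        print(key, result)
```

Run it as root with the debug output piped in, for example `radiusd -CX 2>&1 | python3 check_tls_files.py`. It inspects only the mode bits of each file, so directory permissions and ACLs still need a separate look.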