Failed to initialize type tls

Hi,

I'm installing a 2.1.7 radius server, using a configuration developed in
a test environment. The configuration worked great in th test
environment, but I'm finding some problems in the production
environment. The output from radiusd -CX is as follows:

Module: Instantiating eap
  eap {
    default_eap_type = "ttls"
    timer_expire = 60
    ignore_unknown_eap_types = yes
    cisco_accounting_username_bug = yes
    max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/raddb/certs/servicios.key"
    certificate_file = "/etc/raddb/certs/servicios.pem"
    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
    dh_file = "/etc/raddb/certs/dh"
    random_file = "/etc/raddb/certs/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
   }
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[293]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[240]: Errors parsing authenticate section.


Can anyone help me?

Thanks a lot.

Francisco Javier Valdera.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,

>    private_key_file = "/etc/raddb/certs/servicios.key"
>    certificate_file = "/etc/raddb/certs/servicios.pem"
>    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
>    dh_file = "/etc/raddb/certs/dh"
>    random_file = "/etc/raddb/certs/random"
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> rlm_eap_tls: Error loading randomness
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

ensure that all the files are present - including your random file
and permissions are correct

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Alan Buxey escribió: This is the output from a ls command:

# ls -lh certs
total 100K
-rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
-rw-r----- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
-rw-r----- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 client.cnf
-rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
-rw-r----- 1 root radiusd 4,3K sep 18 16:59 Makefile
-rw-rw---- 1 root radiusd    0 oct 26 11:09 random
-rw-r----- 1 root radiusd 7,7K sep 18 16:59 README
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 server.cnf
-rw-r----- 1 root radiusd 1,7K oct 21 11:19 servicios.key
-rw-r----- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
-rw-r----- 1 root radiusd  578 sep 18 16:59 xpextensions

Can you see anything wrong?

Thanks.

F.J. Valdera.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Hi,

err yes - look at that entry for 'random' - its blank.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Alan Buxey escribió: OK, I have executed the bootstrap script, and now I have

# ls -lh certs
total 224K
-rw-r----- 1 root root    4,2K oct 26 12:16 01.pem
-rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
-rw-r----- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
-rw-r----- 1 root root    1,2K oct 26 12:16 ca.der
-rw-r----- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
-rw-r----- 1 root root    1,8K oct 26 12:16 ca.key
-rw-r----- 1 root root    1,7K oct 26 12:16 ca.pem
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 client.cnf
-rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
-rw-r----- 1 root root     120 oct 26 12:16 index.txt
-rw-r----- 1 root root      21 oct 26 12:16 index.txt.attr
-rw-r----- 1 root root       0 oct 26 12:16 index.txt.old
-rw-r----- 1 root radiusd 4,3K sep 18 16:59 Makefile
-rw-r----- 1 root root    5,0K oct 26 12:16 random
-rw-r----- 1 root radiusd 7,7K sep 18 16:59 README
-rw-r----- 1 root root       3 oct 26 12:16 serial
-rw-r----- 1 root root       3 oct 26 12:16 serial.old
-rw-r----- 1 root radiusd 1,1K sep 18 16:59 server.cnf
-rw-r----- 1 root root    4,2K oct 26 12:16 server.crt
-rw-r----- 1 root root    1,1K oct 26 12:16 server.csr
-rw-r----- 1 root root    1,8K oct 26 12:16 server.key
-rw-r----- 1 root root    2,5K oct 26 12:16 server.p12
-rw-r----- 1 root root    3,5K oct 26 12:16 server.pem
-rw-r----- 1 root radiusd 1,7K oct 21 11:19 servicios.key
-rw-r----- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
-rw-r----- 1 root radiusd  578 sep 18 16:59 xpextensions

but still the same problem:

rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[293]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[240]: Errors parsing authenticate section.

I don't know what to do.

Thanks for your help.

F.J. Valdera.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ignore my last post. It was a permission issue. It's solved.

Thanks again four your help.

F.J. Valdera.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html