freeradius使用中的错误总结

为什么80%的码农都做不了架构师？>>>   

环境：centos x64

系统版本：CentOS release 6.5 (Final)

内核版本：Linux version 2.6.32-431.20.3.el6.x86_64 (mockbuild@c6b9.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Thu Jun 19 21:14:45 UTC 2014

FreeRadius版本：FreeRADIUS Version 2.2.5

Refusing to start with libssl version OpenSSL 1.0.

错误信息：

Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)

For more information see http://heartbleed.com

解决方法：

参考 

https://bugzilla.redhat.com/show_bug.cgi?id=1101794

Nikolai Kondrashov 2014-06-11 05:42:50 EDT

Ah, yes, in a hurry to fix this I forgot that radiusd.conf won't be updated on upgrade, so you'll still need to add "allow_vulnerable_openssl = yes" to the "security" section manually. See also /etc/raddb/radiusd.conf.rpmnew after the upgrade.

编辑文件 /etc/raddb/radiusd.conf，将allow_vulnerable_openssl = no改为allow_vulnerable_openssl = yes。

1. recv[RADIUS]: No route to host

 

EAPOL: SUPP_BE entering state RECEIVE
recv[RADIUS]: No route to host
EAPOL: startWhen --> 0
STA 02:00:00:00:00:01: Resending RADIUS message (id=0)

Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: No route to host
STA 02:00:00:00:00:01: Resending RADIUS message (id=0)

Next RADIUS client retransmit in 12 seconds
recv[RADIUS]: No route to host
Signal 2 received - terminating
EAPOL: EAP key not available
MPPE keys OK: 0  mismatch: 1
FAILURE

 

解决方法：在freeradius服务器上执行关闭防火墙
#service iptables stop

 

2. Ignoring EAP-Type/PEAP because we do not have OpenSSL support.

 

peap, tls,ttls不受freeradius支持

rlm_eap: No such sub-type for default EAP type peap
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[236]: Failed to load module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section.

 

解决方法：安装openssl开发包openssl-devel

转载于:https://my.oschina.net/liting/blog/405158