freeradius使用中的错误总结

环境:centos x64
系统版本:CentOS release 6.5 (Final)
内核版本:Linux version 2.6.32-431.20.3.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Thu Jun 19 21:14:45 UTC 2014
FreeRadius版本:FreeRADIUS Version 2.2.5

Refusing to start with libssl version OpenSSL 1.0.

错误信息:
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com

解决方法:
参考 
https://bugzilla.redhat.com/show_bug.cgi?id=1101794

Nikolai Kondrashov 2014-06-11 05:42:50 EDT
Ah, yes, in a hurry to fix this I forgot that radiusd.conf won't be updated on upgrade, so you'll still need to add "allow_vulnerable_openssl = yes" to the "security" section manually. See also /etc/raddb/radiusd.conf.rpmnew after the upgrade.
编辑文件 /etc/raddb/radiusd.conf,将allow_vulnerable_openssl = no改为allow_vulnerable_openssl = yes。

1. recv[RADIUS]: No route to host

 

EAPOL: SUPP_BE entering state RECEIVE
recv[RADIUS]: No route to host
EAPOL: startWhen --> 0
STA 02:00:00:00:00:01: Resending RADIUS message (id=0)

Next RADIUS client retransmit in 6 seconds
recv[RADIUS]: No route to host
STA 02:00:00:00:00:01: Resending RADIUS message (id=0)

Next RADIUS client retransmit in 12 seconds
recv[RADIUS]: No route to host
Signal 2 received - terminating
EAPOL: EAP key not available
MPPE keys OK: 0  mismatch: 1
FAILURE

 

解决方法:在freeradius服务器上执行关闭防火墙
#service iptables stop

 

2. Ignoring EAP-Type/PEAP because we do not have OpenSSL support.

 

peap, tls,ttls不受freeradius支持

rlm_eap: No such sub-type for default EAP type peap
/usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/usr/local/etc/raddb/sites-enabled/inner-tunnel[236]: Failed to load module "eap".
/usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section.

 

解决方法:安装openssl开发包openssl-devel




你可能感兴趣的:(freeradius使用中的错误总结)