problem with eap-tls between FR and XP client
Alan DeKok
aland at deployingradius.com
Thu May 7 11:05:30 CEST 2009
bLn wrote:
> I'm trying to connect a Windows XP client (also I'm trying with Vista)
> with freeradius with EAP-TLS. I made my set of certificates (from this
> site http://www.linuxjournal.com/node/8095/print)
Why? If you just start the server in debugging mode after you first
install it, it will create temporary certificates for you. The
radb/certs directory also has Makefiles and OpenSSL configuration files
that allow you to easily create certificates.
Did you not see them when you edited the RADIUS configuration?
Did you not see the *DOCUMENTATION* saying that this happened when you
edited the "tls" section of "eap.conf" ?
> When I try to connect with freeradius my log is this: (it's too long
> because I see the same request again and again)
...
> Sending Access-Challenge of id 171 to 10.0.0.1 port 3072
> EAP-Message = 0x0108000a0d8000000000
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x2f6428b72c6c25c07b0fb3246e0f1a2d
> Finished request 12.
> Going to the next request
> Waking up in 0.8 seconds.
> Cleaning up request 0 ID 159 with timestamp +21
Yes. This is a common problem. The discussion of the cause, and how
to fix it, is in the FAQ, and in the comments in eap.conf.
Where should we put documentation so that you will READ it?
Apparently including it with the server doesn't help.
> I've tried with AP Mikrotiks too and I got the same error, I think
> freeradius is waiting for the request from client and this doesn't back
> never, but I'm not sure.
The reason is documented. Lots.
I've never been able to understand why people spend huge amounts of
time working with third-party web sites and guides that are YEARS out of
date, when they could just read the documentation included with the server.
Alan DeKok.
More information about the Freeradius-Users
mailing list