No subject

Zheng, Jiajia jiajia.zheng at intel.com
Wed May 12 09:43:49 CEST 2010 

Hi, 
I hope it is the right place to ask questions about EAP-TLS with radius server. 
I installed freeradius-2.1.6 rpm package on my Fedora 10 system. EAP_PEAP, EAP_TTLS_CHAP, TTLS_MD5, TTLS_MSCHAP, etc. work fine. However, EAP-TLS handshake failed. 
Here are my steps to implement EAT-TLS with radius server. 
1. on server: yum install freeradius
2. on server: cd /etc/raddb
3. on server: edit users and clients.conf (see attachments)
4. on server: radiusd -X
5. I configured the AP which is wired connected to the server using WPA-TKIP
6. copy ca.pem from server to my wireless machine. 
6. I tried EAP_PEAP, EAP_TTLS_CHAP, TTLS_MD5, TTLS_MSCHAP on my wireless machine, which all worked fine. 
7. on server: cd /etc/raddb/certs
8. on server: make client.pem
9. copy client.pem from server to my wireless machine
10. run wpa_supplicant on my wireless machine: wpa_supplicant -Dwext -iwlan0 -c WPA_EAP_TLS.conf 
 WPA_EAP_TLS.conf as below,
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
ssid="ASUS-2.4G"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TLS
identity="root"
ca_cert="./ca.pem"
client_cert="./client.pem"
private_key="./client.pem"
private_key_passwd="whatever"
}
11. EAP-TLS failed, see the attached tls.log for the output of radiusd 
Could you help me out on this issue?
Is there anything I did wrong? Let me know if you need more debugging info. 

Thanks, 
jiajia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: users
Type: application/octet-stream
Size: 6564 bytes
Desc: users
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100512/4267a4b1/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tls.log
Type: application/octet-stream
Size: 31095 bytes
Desc: tls.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100512/4267a4b1/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clients.conf
Type: application/octet-stream
Size: 6496 bytes
Desc: clients.conf
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100512/4267a4b1/attachment-0002.obj>

More information about the Freeradius-Users mailing list