No luck connecting from a ZyXEL NWA3160-N AP

Phil Mayers p.mayers at imperial.ac.uk
Fri Nov 2 16:10:13 CET 2012


On 02/11/12 14:56, Erich Titl wrote:

> authenticating against a MySQL database appeast to work fine using radtest

This is not really a good test. radtest is sending "pap".

Download the "wpa_supplicant" sources and compile "eapol_test".

> I connected a ZyXEL NWA 3160-N (latest Firmware), generated a
> certificate request, signed it using XCA and reimported it on the AP.

Why does the AP need a cert?

> [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
>      TLS_accept: failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> .....
>
> There appears to be something wrong with the client certificate passed
> by the AP in the eap conversation. I doublechecked the certificates and
> googled my fingers raw on this.

No. This is a message *from* the client saying it doesn't trust the 
*radius server* certificate.

You haven't imported your CA on the client properly.


More information about the Freeradius-Users mailing list