EAP Not Authenticating

Syed Rais Ahmad NON DRI SAhmad at darden.com
Mon Aug 31 17:34:49 CEST 2015


I have installed the certs all in PEM format. Still I get....


[suffix] No such realm "darden.com"
++[suffix] = noop
[eap] EAP packet type response id 11 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group eap {
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0d64], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
    TLS_accept: error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
SSL: SSL_read failed in a system call (-1), TLS session fails.

Any help is appreciated.

Thanks.

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+sahmad=darden.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, August 26, 2015 8:47 PM
To: FreeRadius users mailing list
Subject: Re: EAP Not Authenticating 

On Aug 26, 2015, at 5:02 PM, Syed Rais Ahmad NON DRI <SAhmad at darden.com> wrote:

> I am using EAP for authenticating WiFi Clients with Certificate on their machines. However RADIUS won't authenticate.
> Any help is appreciated.
> ...
> Eventually I get:
> 
> Cleaning up request 6 ID 62 with timestamp +12
> WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> WARNING: !! EAP session for state 0xcc8a4efdca835761 did not finish!
> WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility

  What part of that message is unclear?

  Alan DeKok.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This e-mail message is for the sole use of the intended recipient and may contain information that is confidential, proprietary or privileged.  Any unauthorized review, use, distribution, copying or disclosure is strictly prohibited.  If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, please notify sender of the delivery error by replying to this message and then delete it from your system.  Receipt by anyone other than the intended recipient is not a waiver of confidentiality or privilege.



More information about the Freeradius-Users mailing list