freeRADIUS 3.0.4, NetworkManager 1.0.6-27.el7, and wpa_supplicant v2.0 client side cert issues?

John Teasley ollieteasley at gmail.com
Wed Feb 10 01:39:10 CET 2016


Hello,

I wanted to post what I had to do in order to get NetworkManager EAP-TLS
connections to work. I am hoping that someone can tell me if I am wrong, or
if the issue is NetworkManager.

1. eapol_test works fine.
2. Direct wpa_supplicant config works fine.
3. Unless importing the radiusd CA into the client, an unknown CA error is
thrown. Now, I don't like the idea of doing the below; however, it was the
only way on fc22 with the versions stated above to get connected via
NetworkManager.

As root:
    > cp /home/user/CERTS/radius_ca.pem /etc/pki/ca-trust/source/anchors/
    > update-ca-trust

5. Connections to EAP-TLS via NetworkManager now work.
6. PROBLEM, I don't want a private CA set globally. A VPN connection does
not do this when using a private CA. Also, wpa_supplicant works without the
CA being imported into the global store.

7. I REALLY DON'T LIKE THE SELF SIGNED / PRIVATE CA GLOBALLY.

Does anyone see any obvious mistakes in what I described above?

Ollie Teasley
Linux Administrator
ISMELL.SHOES, LLC
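
The post contrasts trusting the private RADIUS CA system-wide with trusting it for a single connection. As an added example that is not part of the original post, this script reports which trust source a NetworkManager keyfile profile relies on; `ca-cert` and `system-ca-certs` are NetworkManager's 802-1x setting names, while the function name, file names, paths and profile contents are constructed, and profiles stored in another format (such as ifcfg-rh) are not covered.

```shell
#!/bin/sh
# Added example: where does an 802.1X profile get its CA trust from?
# Assumes keyfile syntax as NetworkManager writes it (key=value, no spaces).
# Prints pinned:<path>, system, pinned+system:<path>, none, or n/a.
nm_8021x_trust() {
    in_sec=0; seen=0; ca=; sys=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "[802-1x]") in_sec=1; seen=1 ;;
            "["*)       in_sec=0 ;;
            ca-cert=*)         if [ "$in_sec" = 1 ]; then ca=${line#ca-cert=}; fi ;;
            system-ca-certs=*) if [ "$in_sec" = 1 ]; then sys=${line#system-ca-certs=}; fi ;;
        esac
    done < "$1"
    if [ "$seen" = 0 ]; then echo "n/a"            # no [802-1x] section
    elif [ -n "$ca" ] && [ "$sys" = true ]; then echo "pinned+system:$ca"
    elif [ -n "$ca" ]; then echo "pinned:$ca"      # CA scoped to this profile
    elif [ "$sys" = true ]; then echo "system"     # relies on the global store
    else echo "none"                               # no CA configured at all
    fi
}

# Constructed sample profiles (ids and certificate paths are placeholders).
demo_dir=$(mktemp -d)
cat > "$demo_dir/pinned.nmconnection" <<'EOF'
[connection]
id=corp-wifi
type=wifi

[802-1x]
eap=tls;
identity=user
ca-cert=/etc/pki/radius/radius_ca.pem
client-cert=/etc/pki/radius/user.pem
private-key=/etc/pki/radius/user.key
EOF
cat > "$demo_dir/global.nmconnection" <<'EOF'
[connection]
id=corp-wifi-global
type=wifi

[802-1x]
eap=tls;
identity=user
system-ca-certs=true
EOF

for f in "$demo_dir"/*.nmconnection; do
    printf '%s: %s\n' "${f##*/}" "$(nm_8021x_trust "$f")"
done
```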

