John,<br><br>I changed the sequence in step b) of "SERVER-SIDE" as ::<br> <br> su -<br><div> rm /etc/raddb/modules/dhcp_sqlippool<br>
cd /etc/raddb/certs<br> make destroycerts<br> make<br> make client<br>
cp client.p12 /home/ajay<br> cp ca.pem /home/ajay<br>
chmod 0644 /home/ajay/client.p12<br> chmod 0644 /home/ajay/ca.pem<br> chown ajay.ajay /home/ajay/client.p12 <div>
chown ajay.ajay /home/ajay/ca.pem</div></div><br><br>However, I get the exact same earlier dreaded logs :(<br><br><br><div class="gmail_quote">On Wed, Jan 9, 2013 at 8:29 AM, John Dennis <span dir="ltr"><<a href="mailto:jdennis@redhat.com" target="_blank">jdennis@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 01/08/2013 03:53 PM, Ajay Garg wrote:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
<br>
<br>
On Tue, Jan 8, 2013 at 6:45 PM, John Dennis <<a href="mailto:jdennis@redhat.com" target="_blank">jdennis@redhat.com</a>> wrote:<br></div><div><div class="h5">
<br>
On 01/08/2013 05:10 AM, Ajay Garg wrote:<br>
<br>
Could you please specify the order of scripts to be run, so that proper certificates may be generated - both for the server, and the client? :P<br>
<br>
<br>
You were given the answer. It's not just a matter of running the<br>
scripts; it also requires knowing what the scripts output and how to<br>
configure *both* the client and the server with the script output.<br>
<br>
You've never explained what you're doing in any detail, especially<br>
with regard to where you're generating the client cert. In a<br>
previous email I explained what the server needs and what the client<br>
needs. Now you're going to have to put that information to use. You<br>
really do have to invest the energy into learning how the pieces fit<br>
together.<br>
<br>
<br>
Ok.. so here goes what I have been wanting to accomplish :P<br>
<br>
<br>
ROUTER-SIDE ::<br>
===========<br>
<br>
a)<br>
Configure the router to do WPA/WPA2-Enterprise authentication.<br>
<br>
b)<br>
The authentication is to be done via a freeradius-server.<br>
<br>
c)<br>
I connect a wired-cable between the router and the<br>
freeradius-server-machine, to have a physical medium via which the<br>
router and the server may talk.<br>
<br>
<br>
SERVER-SIDE ::<br>
===========<br>
<br>
a)<br>
Freeradius-server is running on Fedora-17 (freeradius-2.2.0-0.fc17.i686)<br>
<br>
b)<br>
After installing freeradius, the certificates are generated via (on<br>
Fedora-17 machine) ::<br>
<br>
su -<br>
rm /etc/raddb/modules/dhcp_sqlippool<br>
cd /etc/raddb/certs<br>
make destroycerts<br>
make<br>
make client<br>
chmod 0644 client.p12<br>
chmod 0644 ca.pem<br>
<br>
c)<br>
Now, the freeradius is started on the Fedora-17 machine as ::<br>
<br>
sudo /usr/sbin/radiusd -X &<br>
<br>
Server runs fine.<br>
<br>
<br>
<br>
CLIENT-SIDE ::<br>
===========<br>
<br>
a)<br>
THE SAME FEDORA-17 MACHINE ACTS AS THE CLIENT TOO :)<br>
<br>
b)<br>
Now, from the gnome-panel applet, I try connecting to the WPA/WPA-2<br>
Enterprise network, by setting the following settings ::<br>
<br>
Wireless Security : WPA/WPA2-Enterprise<br>
Authentication : TLS<br>
Identity : Anonymous<br>
User Certificate : /etc/raddb/certs/client.p12<br>
CA Certificate : /etc/raddb/certs/ca.pem<br>
Private Key : /etc/raddb/certs/client.p12<br>
Private Key Password : whatever<br>
<br>
<br>
c)<br>
I click the "Connect" button.....<br>
<br>
<br>
<br>
and then the dreaded logs happen :(<br>
</div></div></blockquote>
<br>
Thank you, that is a much clearer explanation.<br>
<br>
The first thing I notice is you're pointing the client to files in a directory owned by the server. Everything from /etc/raddb and below is readable only by root:radiusd for security reasons (you don't want to expose the configuration of an authentication server to the world).<br>
<br>
I suspect the code which reads the client cert files is running under your uid and is not a process with root privileges, thus it can't read the cert files. I would try copying the client cert files to an alternate location, reset their permissions and try again.<div class="HOEnZb">
<div class="h5"><br>
<br>
<br>
-- <br>
John Dennis <<a href="mailto:jdennis@redhat.com" target="_blank">jdennis@redhat.com</a>><br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Regards,<br>Ajay<br>
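
The permission check John describes, as an added example (not code from the thread or from FreeRADIUS): a 0644 file is still unreadable when a parent directory denies search permission to the reading uid. The 0750 mode, the temporary directory layout and the function names are assumptions; only classic mode bits are evaluated, not ACLs or SELinux.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Classic owner/group/other mode-bit check (ignores ACLs and SELinux)."""
    if uid == 0:
        return True                      # root bypasses read/search mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6           # owner triplet
    elif st.st_gid in gids:
        bits = st.st_mode >> 3           # group triplet
    else:
        bits = st.st_mode                # "other" triplet
    return bool(bits & want)

def first_blocker(path, uid, gids, base="/"):
    """First component below `base` that stops `uid` reading `path`, else None."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    parents, d = [], os.path.dirname(path)
    while d != base and d != os.path.dirname(d):
        parents.append(d)
        d = os.path.dirname(d)
    for d in reversed(parents):          # every parent needs search (x) permission
        if not allowed(os.stat(d), uid, gids, 0o1):
            return d
    return None if allowed(os.stat(path), uid, gids, 0o4) else path

def demo():
    """Constructed layout mirroring the thread: same 0644 file, two locations."""
    with tempfile.TemporaryDirectory() as root:
        certs = os.path.join(root, "etc", "raddb", "certs")
        home = os.path.join(root, "home", "ajay")
        for d in (certs, home):
            os.makedirs(d)
            p12 = os.path.join(d, "client.p12")
            open(p12, "wb").close()
            os.chmod(p12, 0o644)
        for d in (os.path.dirname(home), home, os.path.join(root, "etc"), certs):
            os.chmod(d, 0o755)
        raddb = os.path.dirname(certs)
        os.chmod(raddb, 0o750)           # assumed mode for the server-only tree
        client_uid = os.stat(raddb).st_uid + 1   # hypothetical non-owner, no groups
        in_raddb = first_blocker(os.path.join(certs, "client.p12"), client_uid, set(), root)
        in_home = first_blocker(os.path.join(home, "client.p12"), client_uid, set(), root)
        return os.path.relpath(in_raddb, root), in_home

if __name__ == "__main__":
    print(demo())
```

On a real host, call `first_blocker` with the desktop user's uid and group ids and the default `base="/"` to see which directory, if any, stops the supplicant from reading the certificate.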