On Dec 19, 2016, at 10:13 AM, <Dominik.A.Schorpp@ids.de> <Dominik.A.Schorpp@ids.de> wrote:
I have trouble to get 802.1x Authentication with EAP-TLS properly running.
Follow the EAP guide at: http://deployingradius.com It WILL work.
My Setup is the following: Server: FreeRADIUS Version 2.2.5, for host i586-pc-linux-gnu, built on Oct 24 2014 at 04:18:43 Switch: A NEXANS iSwitch G 1043E Client/Device: Yocto based Linux with wpa_supplicant v2.4
My Problem is the usage of the "X509v3 Extendend Key Usage" in the Certificate of the Client. If I use at the Client a Certificate with the "X509v3 Extendend Key Usage" : "TLS Web Server Authentication, TLS Web Client Authentication" the 802.1x Authentication with EAP-TLS is running Fine.
You shouldn't need all that. The files in raddb/certs will create client certificates that work. Please use them.
BUT I have the constrain that the Certificate on the Client is without "TLS Web Client Authentication" because there running absolute no Client Applications, the Device is running only some Server Applications.
So I tried to Use on the Client a Certificate with the "X509v3 Extendend Key Usage" : "TLS Web Server Authentication, EAP over Lan". But unfortunately the 802.1x Authentication with EAP-TLS did not work.\
Well... use the scripts included with FreeRADIUS. There's just no reason to *ignore* them. Alan DeKok.