On 09/17/2010 11:00 AM, Klaus Laus wrote:
thanks a lot for your answer.
Either move the "files" module before "eap", or use unlang to set it:
authorize { ... update control { EAP-TLS-Require-Client-Cert = yes } eap ... } I did the changes in the authorize section, and freeradius seems to require the client certificate. But the server is not accept my certificate. I don't think that the certificate is bad because I can login any client with the same certificate when I use TLS instead of PEAP. This is my way to login with PEAP on a windows xp client maybe I do anything wrong? : I import the pksc12 certificate from the freeradius server in the windows xp certificate management. When I type certmgr.msc under "run" I can see that the certificate is successfully imported. Then I scan for the wireless networks and connect to wifix, I use PEAP with MSCHAP v.2 and type in testuser as user with the correct password. Here you can see the debug output (freeradius did not find my certificate):
That's right, the server didn't get your cert, it's right in the debug. As Alan said this isn't a server issue, it's a client issue, figure out why your client is not returning a cert.
TLS Alert write:fatal:handshake failure TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate SSL: SSL_read failed in a system call (-1), TLS session fails. -- John Dennis <jdennis@redhat.com>
Looking to carve out IT costs? www.redhat.com/carveoutcosts/