Hi, PEAP can work with or without client certs. Both run through the "tls" instance; that is no error. The problem is much rather here:
Sending Access-Challenge of id 219 to ... port 32769 Waking up in 2.0 seconds. Cleaning up request 0 ID 219 with timestamp +3 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x3abc7e1c3abf6764 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests.
The client probably doesn't like the server certificate, and stops talking to the server. When you cloned your RADIUS server, did you give the clone a different certificate afterwards? FreeRADIUS will generate a sample one on first start. If your client only trusts the old one, it won't talk to the new one... Greetings, Stefan Winter
eap.conf:
eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no
md5 { }
tls { certdir = /etc/hostcertkey cadir = /etc/cacert dh_file = ${certdir}/dh private_key_file = ${certdir}/roaming.key certificate_file = ${certdir}/roaming.pem CA_file = ${cadir}/chain.txt dh_file = ${certdir}/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" }
ttls { default_eap_type = mschapv2 copy_request_to_tunnel = yes #use_tunneled_reply = yes virtual_server = "eduroam-inner-tunnel" }
peap { default_eap_type = mschapv2 copy_request_to_tunnel = yes #use_tunneled_reply = yes #proxy_tunneled_request_as_eap = yes virtual_server = "eduroam-inner-tunnel" }
mschapv2 { } }
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473