Wiedemann, Joerg wrote:
I got a little further in using eapol_test. Now the radius server reports the following.
There is a lot... but reading it for "error" and "failure" doesn't hurt, either. ...
[tls] <<< TLS 1.0 Handshake [length 0382], Certificate --> verify error:num=20:unable to get local issuer certificate [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert write:fatal:unknown CA TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user.
The certs you are using are wrong or non-existent. Follow the guide on http://deployingradius.com to get EAP working. There is also an EAP-TLS "howto" on freeradius.org, and on the wiki. Alan DeKok.