On 02/11/12 14:56, Erich Titl wrote:
authenticating against a MySQL database appeast to work fine using radtest
This is not really a good test. radtest is sending "pap". Download the "wpa_supplicant" sources and compile "eapol_test".
I connected a ZyXEL NWA 3160-N (latest Firmware), generated a certificate request, signed it using XCA and reimported it on the AP.
Why does the AP need a cert?
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept: failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca .....
There appears to be something wrong with the client certificate passed by the AP in the eap conversation. I doublechecked the certificates and googled my fingers raw on this.
No. This is a message *from* the client saying it doesn't trust the *radius server* certificate. You haven't imported your CA on the client properly.