Alan DeKok wrote:
Zheng, Jiajia wrote:
11. EAP-TLS failed, see the attached tls.log for the output of radiusd Could you help me out on this issue?
Paste the debug output into the "self-help" form at:
http://networkradius.com/freeradius.html
Look for red text.
Is there anything I did wrong? Let me know if you need more debugging info.
The debug log already shows everything you need to know.
The CA used by the client is *not* the same as the CA used by the server.
Yes, from the debug log, we can tell that the CA is wrong. But as I mentioned that the same CA works fine with EAP-TTLS. Why it goes wrong with EAP-TLS? Here is my configure file for EAP-TTLS which works. WPA_EAP_TTLS_CHAP.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel network={ ssid="ASUS-2.4G" scan_ssid=1 key_mgmt=WPA-EAP eap=TTLS identity="root" password="wireless" ca_cert="./ca.pem" phase2="auth=CHAP" } Here is my configure file for EAP-TLS which fails authentication. WPA_EAP_TLS.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel network={ ssid="ASUS-2.4G" scan_ssid=1 key_mgmt=WPA-EAP eap=TLS identity="root" ca_cert="./ca.pem" client_cert="./client.pem" private_key="./client.pem" private_key_passwd="whatever" } The client.pem used by client was also copied from server. Is there anything wrong with my configure file? I also attached the *.pem. Thanks, jiajia