no not windows it was via a wifi CPE (ruckus cpe) On Wed, Jan 21, 2009 at 5:04 PM, <tnt@kalik.net> wrote:
I have created all the certs etc using FR bootstrap and "make client" .. I have made sure my eap.conf info is all correct.. Yest here is what i'm receiving in the logs , thanks for any input
rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0007], Certificate rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal handshake_failure TLS Alert write:fatal:handshake failure TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. eaptls_process returned 13 rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user.
That's Windows, right? You have properly installed the client certificate into the certificate store but Windows won't send it? When you open certificate properties it goes on about "not being able to validate certificate"?
Try altering Makefile in raddb/certs and signing client certificate with ca instead of server certificate.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html