Hi Phil on 02.11.2012 16:10, Phil Mayers wrote:
On 02/11/12 14:56, Erich Titl wrote:
authenticating against a MySQL database appeast to work fine using radtest
This is not really a good test. radtest is sending "pap".
Download the "wpa_supplicant" sources and compile "eapol_test".
I connected a ZyXEL NWA 3160-N (latest Firmware), generated a certificate request, signed it using XCA and reimported it on the AP.
Why does the AP need a cert?
IMHO it does not, but it has one
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept: failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca .....
There appears to be something wrong with the client certificate passed by the AP in the eap conversation. I doublechecked the certificates and googled my fingers raw on this.
No. This is a message *from* the client saying it doesn't trust the *radius server* certificate.
Ahhhh... very interesting, so the client rejects the certificate
You haven't imported your CA on the client properly.
Mhhhh.... sounds reasonable, just that the AP does not appear to want to import the CA cert, because it wants a corresponding cert request. Thanks a lot, this appears to be just the push that I needed. Erich