Hi, thanks for your reply. Am 04.04.2011 16:27, schrieb Stefan Winter:
Hi,
PEAP can work with or without client certs. Both run through the "tls" instance; that is no error. The problem is much rather here:
Sending Access-Challenge of id 219 to ... port 32769 Waking up in 2.0 seconds. Cleaning up request 0 ID 219 with timestamp +3 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x3abc7e1c3abf6764 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. The client probably doesn't like the server certificate, and stops talking to the server.
When you cloned your RADIUS server, did you give the clone a different certificate afterwards? FreeRADIUS will generate a sample one on first start. If your client only trusts the old one, it won't talk to the new one... The original radius has a trusted certificate, signed by our CA. The clone has also a trusted certificate with its DN registred in DNS. I edited the corresponding section in eap.conf and placed the filename of the new certificate- and keyfile.
private_key_file = ${certdir}/roaming.key certificate_file = ${certdir}/roaming.pem The certificates were generate with the same attributes (exept the DN).