John,

I changed the sequence in step b) of "SERVER-SIDE" as ::
                          
                                       su -
                                       rm /etc/raddb/modules/dhcp_sqlippool
                                       cd /etc/raddb/certs
                                       make destroycerts
                                       make
                                       make client
                                       cp client.p12 /home/ajay
                                       cp ca.pem /home/ajay
                                       chmod 0644 /home/ajay/client.p12
                                       chmod 0644 /home/ajay/ca.pem
                                       chown ajay.ajay /home/ajay/client.p12                              
                                       chown ajay.ajay /home/ajay/ca.pem


However, I get the exact same earlier dreaded logs :(


On Wed, Jan 9, 2013 at 8:29 AM, John Dennis <jdennis@redhat.com> wrote:
On 01/08/2013 03:53 PM, Ajay Garg wrote:


On Tue, Jan 8, 2013 at 6:45 PM, John Dennis <jdennis@redhat.com
<mailto:jdennis@redhat.com>> wrote:

    On 01/08/2013 05:10 AM, Ajay Garg wrote:

        Could you please specify the order of scripts to be run, so that
        proper
        certificates may be generated - both for the server, and the
        client? :P


    You were given the answer. It's not just a matter of running the
    scripts it also requires knowing what the scripts output and how to
    configure *both* the client and the server with the script output.

    You've never explained what you're doing in any detail, especially
    with regard to where you're generating the client cert. In a
    previous email I explained what the server needs and what the client
    needs. Now you're going to have to put that information to use. You
    really do have to invest the energy into learning how the pieces fit
    together.


Ok.. so here goes what I have been wanting to accomplish :P


ROUTER-SIDE ::
===========

a)
Configure the router to do WPA/WPA2-Enterprise authentication.

b)
The authentication is to be done via a freeradius-server.

c)
I connect a wired-cable between the router and the
freeradius-server-machine, to have a physical medium via which the
router and the server may talk.


SERVER-SIDE ::
===========

a)
Freeradius-server is running on Fedora-17 (freeradius-2.2.0-0.fc17.i686)

b)
After installing freeradius,  the certificates are generated via (on
Fedora-17 machine) ::

                                        su -
                                        rm /etc/raddb/modules/dhcp_sqlippool
                                        cd /etc/raddb/certs
                                        make destroycerts
                                        make
                                        make client
                                        chmod 0644 client.p12
                                        chmod 0644 ca.pem

c)
Now, the freeradius is started on the Fedora-17 machine as ::

                                        sudo /usr/sbin/radiusd -X &

Server runs fine.



CLIENT-SIDE ::
===========

a)
THE SAME FEDORA-17 MACHINE ACTS AS THE CLIENT TOO :)

b)
Now, from the gnome-panel applet, I try connecting to the WPA/WPA-2
Enterprise network, by setting the following settings ::

                                         Wireless Security
:             WPA/WPA2-Enterprise
                                         Authentication
:             TLS
                                         Identity
:             Anonymous
                                         User Certificate
:             /etc/raddb/certs/client.p12
                                         CA Certificate
:            /etc/raddb/certs/ca.pem
                                         Private Key
:             /etc/raddb/certs/client.p12
                                         Private Key Password
:             whatever


c)
I click the "Connect" button.....



and then the dreaded logs happen :(

Thank you, that is a much clearer explanation.

The first thing I notice is you're pointing the client to files in a directory owned by the server. Everything from /etc/raddb and below is readable only by root:radiusd for security reasons (you don't want to expose the configuration of an authentication server to the world).

I suspect the code which reads the client cert files is running under your uid and is not a process with root privileges thus it can't read the cert files. I would try copying the client cert files to an alternate location, reset their permissions and try again.



--
John Dennis <jdennis@redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



--
Regards,
Ajay