John,
I changed the sequence in step b) of "SERVER-SIDE" as ::
su -
On 01/08/2013 03:53 PM, Ajay Garg wrote:
<mailto:jdennis@redhat.com>> wrote:
On 01/08/2013 05:10 AM, Ajay Garg wrote:
Could you please specify the order of scripts to be run, so that
proper
certificates may be generated - both for the server, and the
client? :P
You were given the answer. It's not just a matter of running the
scripts it also requires knowing what the scripts output and how to
configure *both* the client and the server with the script output.
You've never explained what you're doing in any detail, especially
with regard to where you're generating the client cert. In a
previous email I explained what the server needs and what the client
needs. Now you're going to have to put that information to use. You
really do have to invest the energy into learning how the pieces fit
together.
Ok.. so here goes what I have been wanting to accomplish :P
ROUTER-SIDE ::
===========
a)
Configure the router to do WPA/WPA2-Enterprise authentication.
b)
The authentication is to be done via a freeradius-server.
c)
I connect a wired-cable between the router and the
freeradius-server-machine, to have a physical medium via which the
router and the server may talk.
SERVER-SIDE ::
===========
a)
Freeradius-server is running on Fedora-17 (freeradius-2.2.0-0.fc17.i686)
b)
After installing freeradius, the certificates are generated via (on
Fedora-17 machine) ::
su -
rm /etc/raddb/modules/dhcp_sqlippool
cd /etc/raddb/certs
make destroycerts
make
make client
chmod 0644 client.p12
chmod 0644 ca.pem
c)
Now, the freeradius is started on the Fedora-17 machine as ::
sudo /usr/sbin/radiusd -X &
Server runs fine.
CLIENT-SIDE ::
===========
a)
THE SAME FEDORA-17 MACHINE ACTS AS THE CLIENT TOO :)
b)
Now, from the gnome-panel applet, I try connecting to the WPA/WPA-2
Enterprise network, by setting the following settings ::
Wireless Security
: WPA/WPA2-Enterprise
Authentication
: TLS
Identity
: Anonymous
User Certificate
: /etc/raddb/certs/client.p12
CA Certificate
: /etc/raddb/certs/ca.pem
Private Key
: /etc/raddb/certs/client.p12
Private Key Password
: whatever
c)
I click the "Connect" button.....
and then the dreaded logs happen :(
Thank you, that is a much clearer explanation.
The first thing I notice is you're pointing the client to files in a directory owned by the server. Everything from /etc/raddb and below is readable only by root:radiusd for security reasons (you don't want to expose the configuration of an authentication server to the world).
I suspect the code which reads the client cert files is running under your uid and is not a process with root privileges thus it can't read the cert files. I would try copying the client cert files to an alternate location, reset their permissions and try again.