On Feb 21, 2021, at 10:57 PM, Tyler Montney <montneytyler@gmail.com> wrote:
Version 3.0.16, running on Ubuntu 18.04.
While running freeradius -X and trying to connect a user (Ubiquiti controller), I see "eap_peap: ERROR: TLS Alert read:fatal:unknown CA".
What is the user system running? How does it authenticate?
/etc/freeradius/3.0/mods-enabled/eap has its tls-config tls-common section like
private_key_file = /etc/freeradius/3.0/certs/letsencrypt/privkey.pem certificate_file = /etc/freeradius/3.0/certs/letsencrypt/cert.pem ca_file = /etc/ssl/certs/ca-certificates.crt
That's good.
My CA was copied to /usr/local/share/ca-certificates/ and ran dpkg-reconfigure ca-certificates. I then checked ca-certificates.crt and confirmed my CA was appended to the bottom.
That's not. You haven't described what you're using to authenticate. Where does it get the certificates from? The certificate store you edited is used for web authentication, not WiFi. You need to read the documentation for your system to see how to get WiFi authentication working. This isn't a FreeRADIUS issue. Alan DeKok.