On Feb 9, 2022, at 3:29 PM, Wayne Fillmer via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I am attempting to setup a freeRADIUS server in a lab environment on Ubuntu 18.04. This server is used to test a WPA supplicant implementation on a piece of portable hardware. I feel reasonably confident the supplicant and nas (Cisco 2950) are configured correctly. I am very much unfamiliar with freeradius - that means I could get pretty far using the available documentation until I ran into trouble. Now I have no idea what to do.
Everything seems to be working according to the guide up until making production certs. I have performed eapol_test tests using the snakeoil certs.
Note: I have created the user "bob" and still have the pwd "hello" at the top of my "users" file. I am using user "bob" and pwd: "hello" when I attempt to connect from the supplicant
When I create production certs (deployingradius.com instructions) and attempt to authenticate I see the following error (log is followed by excerpts of my .cnf files):\\
You didn't install the correct CA on the supplicant.
(9) eap_peap: <<< recv TLS 1.2 [length 0002] (9) eap_peap: ERROR: TLS Alert read:fatal:unknown CA (9) eap_peap: TLS_accept: Need to read more data: error (9) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
The supplicant sent a TLS error to FreeRADIUS, saying "I don't know the CA used to sign your server certificate, so I don't trust you, and I won't talk to you". Install the production CA on the supplicant. Alan DeKok.