Am 05.04.2011 10:18, schrieb Stefan Winter:
Hi,
The complete certification path is installed on the client. The client don't have an extra client certificate, server certificate check is turned off in wireless settings. Turned off? Thanks, that's a new piece of info! That would hint towards a different problem indeed.
Original radius works fine, with both SSIDs, new radius does not. So what's wrong? The debug output still points towards: the client doesn't want to speak to the server after starting the EAP conversation. If it's not a certificate problem, something else is different between the two RADIUS servers. What did you do after cloning the VM? Did you upgrade FreeRADIUS from an older version maybe? No, the machines are indetical, only changed IP, hostname and certificates. No updates or something. It would certainly help if you could post the debug output of the old server vs. the new one; for the EAP conversation in its entirety, not just the last packet exchange. I put the debug output in appendix. Sorry i had to remove passwords and IPs because of security reasons, i think you will understand ;-) If you positively want to rule out that the certificate change was the problem, you could, if your CA's policy allows, install the old server's certificate on the new instance. For IEEE 802.1X, there is no requirement that DNS names and CN/subjectAltNames match. This was the first thing i tried... Greetings,
Stefan Winter Juergen