Martin Ubank wrote:
Martin Ubank wrote:
The following lines from the output of the 'eapol_test' command seem to indicate a problem with the root certificate.: OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:00000000:lib(0):func(0):reason(0)
Fix that and it should work.
I've not been able to fix it yet. The Openssl-Users list hasn't been able to suggest anything.
I am running 'eapol_test -c test.conf -s testing123' from the CentOS VM on which FreeRadius is installed.
If it's an error from eapol_test, ask on the hostap list. I really don't know enough about OpenSSL to say more.
The 'bootstrap' script contains:
Yes... we know.
From this script, I understand that: ca.der is created by 'openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der'; ca.key & ca.pem are created by 'openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf'.
So, how does FreeRadius expect to load the root certificate from ca.der?
It uses OpenSSL/
If it can't, then what file should be in the ca_cert directive in my test.conf file?
No idea.
Or, is 'eapol_test' not the correct way to test "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP"?
It is one way to test. In 2.1.12, you can use radclient to send MS-CHAP packets to the server. See raddb/sites-available/inner-tunnel Alan DeKok.