Hi guys, I've just installed a freeradius+mysql on a debian 6.0.3, first test from localhost with radtest and mysql user auth (radcheck table) worked well, 2nd test with radeaptest with mysql and md5 eap method worked well too, but I don't find a way to make it work with eap+tls: Here's my error output: *[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept: failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation* For what I've read, either I must create my own certs for eap+tls or I can disable TLS, for the 1st, I've followed 'n' guides on the web but none seems to work for me and for the second, I just dont find where to disable the eap with TLS. I don't really want to use TLS, so if you help me to disable TLS, it'll be fine for me. Please, I'd very much apreciatte your assistance. Thanks in advance. Enrique
Enrique Llanos Vargas wrote:
I've just installed a freeradius+mysql on a debian 6.0.3, first test from localhost with radtest and mysql user auth (radcheck table) worked well, 2nd test with radeaptest with mysql and md5 eap method worked well too, but I don't find a way to make it work with eap+tls:
Follow the EAP-TLS guide on the web site. It *will* work.
Here's my error output:
*[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept: failed in SSLv3 read client certificate A
That is relatively clear: the client certificate was signed by an unknown CA.
For what I've read, either I must create my own certs for eap+tls
Uh... that's how TLS works. You sign client certificates.
or I can disable TLS, for the 1st, I've followed 'n' guides on the web but none seems to work for me and for the second, I just dont find where to disable the eap with TLS.
I don't really want to use TLS, so if you help me to disable TLS, it'll be fine for me.
Disabling TLS is simple: delete the "tls {...}" block from eap.conf. Alan DeKok.
On Fri, Nov 18, 2011 at 3:02 AM, Enrique Llanos Vargas <ellanosv@gmail.com> wrote:
I don't find a way to make it work with eap+tls:
I don't really want to use TLS, so if you help me to disable TLS, it'll be fine for me.
You want to make it work with eap+tls, but you don't really want to use TLS? It doesn't make sense. -- Fajar
participants (3)
-
Alan DeKok -
Enrique Llanos Vargas -
Fajar A. Nugraha