Hi all, i am connecting network-manager to freeradius server. It showing access reject. I am using server.crt which is provided by freeradius it self. Please check and reply. error paste below rad_recv: Access-Request packet from host 192.168.21.2 port 32768, id=0, length=153 Cleaning up request 95 ID 0 with timestamp +543 User-Name = "testing123" NAS-IP-Address = 192.168.21.2 Called-Station-Id = "30469a872e66" Calling-Station-Id = "1caff76ce38c" NAS-Identifier = "30469a872e66" NAS-Port = 3 Framed-MTU = 1400 State = 0x05139c0406178548b5e80cb0708716d1 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204001119800000000715030100020230 Message-Authenticator = 0xfd142706451c8cf676b90ad74a062ecb # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "testing123", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 17 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 7 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept: failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation [peap] eaptls_process returned 4 [peap] EAPTLS_OTHERS [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testing123 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 96 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 96 Sending Access-Reject of id 0 to 192.168.21.2 port 32768 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. -- Warm Regards Harish Mandowara -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Harish Mandowara wrote:
i am connecting network-manager to freeradius server. It showing access reject. I am using server.crt which is provided by freeradius it self. Please check and reply. error paste below
Read it. The CA cert isn't known. Follow the 4 steps on the front page of my web site: http://deployingradius.com It *will* work. Alan DeKok.
participants (2)
-
Alan DeKok -
Harish Mandowara