EAP/TLS Authentication fail~~~~
Alan DeKok
aland at nitros9.org
Thu Apr 13 21:20:37 CEST 2006
=?gb2312?B?y+8gx78=?= <sumner007 at hotmail.com> wrote:
> now i can use EAP/MD5 get the authentication well.
> but when we use EAP/TLS, the client cannot be authenticated ~~
> I don't whether it's the problem of the freeradius server configure or CAs
> or anyother
EAP-TLS authenticates users by seeing if the certificate they supply
is signed by the certificate that the RADIUS server has. You're not
doing that:
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate
> --> verify error:num=18:self signed certificate
The user is supplying a self-signed certificate, so the server has
no way of validating who they are.
Alan DeKok.
More information about the Freeradius-Users
mailing list