problems with EAP-TTLS with Intermec GUN 2415

Phil Mayers p.mayers at
Fri Feb 17 21:41:04 CET 2006

Johan Arens wrote:
> Well thanks for the answers.
> What is puzzled me, is the error message error reading client 
> certificate, it's like freeradius is waiting the client send it's 
> certificate.

Yes, it's a misleading error message, but trust me it's meaningless. 
Lots of people get it. My working PEAP server gets it.

> However with TTLS, the client doen't have a client certificate. It only 

Indeed. However you can still ask the TLS connection for it, you just 
don't get it AND it's not a problem. You're seeing the error because the 
code is generalised between the TLS and TTLS paths (I think - or maybe 
it was copy'n'pasted)

> has a copy of the root certificate. I'm going to setup a wpa_supplicant 
> with a linux client to try to make it work.

FWIW the "eapol_test" program that comes with wpa_supplicant is also 
very useful for verifying you've got the radius bit working without 
having to fiddle with APs.

More information about the Freeradius-Users mailing list