What kind of error in client-cert using EAP?

Collen Blijenberg collen at mail.hermanjordan.nl
Tue Sep 19 09:07:03 CEST 2006


We've got the same error here... but it's not terminal

we use eap+tls (wpa-enterprise). server has certificate, but (as alan 
mentioned) there is no client certificate
it's also not needed. so you can ignore the error if you use eap+tls 
(peap - mschapv2 + user/pass)

i did use Auth-Type := eap , and it does work with our server so, dunno 
why you have to leave this out.
my guesses is that you have an other problem....
can you be more explicit what the trouble is...

Cheers

Collen.

Alan DeKok wrote:
> Alexandros Gougousoudis <gougousoudis at kh-berlin.de> wrote:
>   
>>      TLS_accept:error in SSLv3 read client certificate A
>>     
> ...
>   
>> Which indicates that there is a problem in the client-cert.
>>     
>
>   No.  It means that there is NO client cert.  The authentication
> process continues, so it's obviously not a catastrophic problem.
>
>   For PEAP and TTLS, there *is* no client cert.
>
>   
>> It means also that in my authorize section (Auth-Type := EAP)
>>     
>
>   Can you explain why you're doing this?  All of the server
> documentation, and many posts on this list say it's wrong.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   




More information about the Freeradius-Users mailing list