The EAP Saga begins.

Evan Vittitow evan at terralab.com
Sun Jan 28 23:23:56 CET 2007


I got a "Lull" in my school work long enough such that I can work on
Free Radius, homework combined with minor Illness did that.

Allright, just so everyone is on the same page. I want to implement Host
based 802.1X with PEAP or EAP-TLS. Currently, all my Samba Hosts have a
Object in the LDAP database that looks like
uid=kurama$,ou=Hosts,dc=pukey where Kurama is the host name.

There isn't a pasword because this isn't user based. Its Host. I want
the Linux Hosts (All running Mandriva 2007) to be able to use
Xsupplicant to authenticate to the Wireless network with their valid TLS
Cert.

But whenever I try, I get

[CONFIG] Working from config file /etc/xsupplicant.conf.
Network ID from EAP hint : Pukey
If this is a wired network, the above ID can be used in the
configuration file to identify this network.
[CONFIG] Working from config file /etc/xsupplicant.conf.
[CONFIG] Identity : kurama
[CONFIG] Socket 4 (frame handler) had an event!
[CONFIG] Trying to load root certificate /etc/raddb/certs/cert-clt.pem
or certificate directory (null)
[CONFIG] Loaded root certificate /etc/raddb/certs/cert-clt.pem and
directory (null)
[CONFIG] Socket 4 (frame handler) had an event!
OpenSSL Error -- error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Library  : SSL routines
Function : SSL3_GET_SERVER_CERTIFICATE
Reason   : certificate verify failed




More information about the Freeradius-Users mailing list