AW: EAP/TLS authentication timeout
Alan DeKok
aland at deployingradius.com
Wed Nov 4 14:37:18 CET 2009
Wiedemann, Joerg wrote:
> I got a little further in using eapol_test. Now the radius server
> reports the following.
There is a lot... but reading it for "error" and "failure" doesn't
hurt, either.
...
> [tls] <<< TLS 1.0 Handshake [length 0382], Certificate
> --> verify error:num=20:unable to get local issuer certificate
> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert write:fatal:unknown CA
> TLS_accept:error in SSLv3 read client certificate B
> rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> SSL: SSL_read failed in a system call (-1), TLS session fails.
> TLS receive handshake failed during operation
> [tls] eaptls_process returned 4
> [eap] Handler failed in EAP/tls
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
The certs you are using are wrong or non-existent.
Follow the guide on http://deployingradius.com to get EAP working.
There is also an EAP-TLS "howto" on freeradius.org, and on the wiki.
Alan DeKok.
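
The reading described in the reply above (scan the debug output for "error" and "failure", then look at the certificate lines), as an added example that is not part of the original message or of FreeRADIUS. The sample lines are copied from the quoted output, the function name and hint wording are this example's own, and it assumes the log comes from the RADIUS server, so "write" means the server sent the alert.

```python
import re

# Constructed sample: debug lines taken from the quoted server output above.
SAMPLE_LOG = """\
[tls] <<< TLS 1.0 Handshake [length 0382], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
[eap] Handler failed in EAP/tls
Failed to authenticate the user.
"""

# What to check for common OpenSSL verify codes (hint wording is this example's own).
VERIFY_HINTS = {
    9: "certificate not yet valid: check clocks and notBefore",
    10: "certificate expired: check clocks and notAfter",
    18: "self-signed certificate that the verifier does not trust",
    19: "chain ends in a self-signed root the verifier does not trust",
    20: "verifier has no CA certificate for the issuer: check its CA file/path",
}

VERIFY_RE = re.compile(r"verify error:num=(\d+):(.+)")
ALERT_RE = re.compile(r"TLS Alert (read|write):(\w+):(.+)")
KEYWORD_RE = re.compile(r"error|fail", re.IGNORECASE)

def triage(log_text):
    """Summarise the certificate-related failures in server debug output."""
    result = {"verify": [], "alerts": [], "hits": [], "rejected_by": None}
    for line in log_text.splitlines():
        line = line.strip()
        if KEYWORD_RE.search(line):
            result["hits"].append(line)
        m = VERIFY_RE.search(line)
        if m:
            result["verify"].append((int(m.group(1)), m.group(2).strip()))
        m = ALERT_RE.search(line)
        if m:
            direction, level, desc = m.group(1), m.group(2), m.group(3).strip()
            result["alerts"].append((direction, level, desc))
            if level == "fatal" and result["rejected_by"] is None:
                # "write": the server sent the alert; "read": the supplicant sent it.
                result["rejected_by"] = "radiusd" if direction == "write" else "supplicant"
    return result

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("handshake rejected by:", report["rejected_by"])
    for num, text in report["verify"]:
        print(f"verify error {num} ({text}):", VERIFY_HINTS.get(num, "see OpenSSL verify docs"))
```

On the quoted log this reports that the server itself rejected the client certificate with verify error 20, which points at the CA the server is configured to trust rather than at the network or a timeout.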