EAP advanced auth. methods problem

Tomas Pelka tompelka at gmail.com
Sun Nov 29 01:01:04 CET 2009


tnt at kalik.net wrote:
>> Paul Ryszka wrote:
>>> On Mon, 2009-11-23 at 20:37 +0100, Tomas Pelka wrote:
>>>> tnt at kalik.net wrote:
>>>>>> Also tried modify wpa_supplicant conf:
>>>>>>
>>>>>> - ca_cert="ca.pem"
>>>>>> + ca_cert="server.pem"
>>>>>>
>>>>>> But with the same result.
>>>>> Because the path is wrong, ie. certificate is not there. Put the
>>>>> correct
>>>>> path to where you have imported the certificate.
>>>>>
>>>>> Ivan Kalik
>>>>>
>>>>> -
>>>>> List info/subscribe/unsubscribe? See
>>>>> http://www.freeradius.org/list/users.html
>>>> Sorry, but I'm still more than confused.
>>>>
>>>> Problem is on the server site, isn't it? CA and server certs are now in
>>>> same dir as whole RADIUS configuration, is necessary put certs into
>>>> "trusted" directory like /etc/ssl/certs?
>>>>
>>>> Thanks for advice.
>>>>
>>> I think that the idea was to put the full path to certificates in the
>>> conf file like :
>>> ca_cert="/full/path/to/server.pem"
>>>
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>> Same result, full path on both sites (client/server).
> 
> If ca certificate on the client is where ca_cert configuration item is
> pointing the problem must be with permissions.
> 
> Ivan Kalik
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Permissions are now 600 for client.[pem|key] and [ca|server].pem (still
using ca and also server certificate on client), but the result is similar.




-- 
Tom

Key fingerprint = 06C0 23C6 9EB7 0761 9807  65F4 7F6F 7EAB 496B 28AA
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.client(ca.pem).out
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091129/f02e5653/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.client(server.pem).out
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091129/f02e5653/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.server.out
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091129/f02e5653/attachment-0002.ksh>


More information about the Freeradius-Users mailing list