Multiple EAP-TLS modules with different certificates
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Fri Apr 2 11:09:08 CEST 2010
Hi Alan,
Thank you for your prompt answer.
Alan DeKok a écrit :
> Yes. Others use multiple certs && multiple EAP modules.
>
Thanks for this answer, this confirms that I'm on the right way.
>> A quick look at FR debug logs confirms, as far as I can read them, that
>> the client is refusing the radius server certificate.
>>
>
> I don't think that's in the debug log.
>
You're right it's not clearly writtent in the FR logs, but the fact the
TLS exchanges just stop at a given time help me suppose the origin of
the problem (which is confirmed bu reconfiguring the supplicant).
>> Is there a client tool to check which certificate is used by FR ?
>>
>
> wireshark might do it.
>
You're right, I'll do this.
>
>> Have I missed something in the setup ?
>>
>
> Did you test each piece in isolation before putting it all together?
>
No because I'm working on my production radius server and I didn't want
to break my old SSID (which I unintentionally did anyway for 5 minutes).
I'll make more tests and will triple check my setup now I know that it's
possible.
Many thanks again for your answer.
Regards,
Thibault
More information about the Freeradius-Users
mailing list