How to implement EAP-TLS with freeradius and wpa_supplicant?

Zheng, Jiajia jiajia.zheng at intel.com
Wed May 12 09:56:07 CEST 2010


Sorry, I forgot the subject. 

Zheng, Jiajia wrote:
> Hi,
> I hope it is the right place to ask questions about EAP-TLS with
> radius server. 
> I installed freeradius-2.1.6 rpm package on my Fedora 10 system.
> EAP_PEAP, EAP_TTLS_CHAP, TTLS_MD5, TTLS_MSCHAP, etc. work fine.
> However, EAP-TLS handshake failed. Here are my steps to implement
> EAP-TLS with radius server.  
> 1. on server: yum install freeradius
> 2. on server: cd /etc/raddb
> 3. on server: edit users and clients.conf (see attachments)
> 4. on server: radiusd -X
> 5. I configured the AP which is wired connected to the server using
> WPA-TKIP 
> 6. copy ca.pem from server to my wireless machine.
> 6. I tried EAP_PEAP, EAP_TTLS_CHAP, TTLS_MD5, TTLS_MSCHAP on my
> wireless machine, which all worked fine. 
> 7. on server: cd /etc/raddb/certs
> 8. on server: make client.pem
> 9. copy client.pem from server to my wireless machine
> 10. run wpa_supplicant on my wireless machine: wpa_supplicant -Dwext
>  -iwlan0 -c WPA_EAP_TLS.conf
> WPA_EAP_TLS.conf as below,
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=wheel
> network={
> ssid="ASUS-2.4G"
> scan_ssid=1
> key_mgmt=WPA-EAP
> eap=TLS
> identity="root"
> ca_cert="./ca.pem"
> client_cert="./client.pem"
> private_key="./client.pem"
> private_key_passwd="whatever"
> }
> 11. EAP-TLS failed, see the attached tls.log for the output of radiusd
> Could you help me out on this issue?
> Is there anything I did wrong? Let me know if you need more debugging
> info. 
> 
> Thanks,
> jiajia
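
Added example, not part of the original post or of either project: a pre-flight check for a wpa_supplicant EAP-TLS network block like the one quoted above. It reports missing certificate fields, a missing CA (without `ca_cert` or `ca_path` wpa_supplicant does not verify the server certificate), and relative certificate paths, which resolve against the working directory and can break when wpa_supplicant runs in the background. The function names and the abridged sample are assumptions made for illustration, and the check does not diagnose the failure recorded in tls.log.

```python
import re

REQUIRED = ("identity", "client_cert", "private_key")
PATH_KEYS = ("ca_cert", "client_cert", "private_key")

# Constructed sample: an abridged copy of the network block quoted in the post.
SAMPLE_CONF = """\
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="ASUS-2.4G"
key_mgmt=WPA-EAP
eap=TLS
identity="root"
ca_cert="./ca.pem"
client_cert="./client.pem"
private_key="./client.pem"
private_key_passwd="whatever"
}
"""

def parse_network_blocks(text):
    """Return one {key: unquoted value} dict per network={...} block."""
    blocks = []
    for body in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        blocks.append(fields)
    return blocks

def check_eap_tls(fields):
    """Return findings for one network block; an empty list means no findings."""
    if "TLS" not in fields.get("eap", "").split():
        return ["eap does not include TLS"]
    findings = [f"missing {key}" for key in REQUIRED if key not in fields]
    if "ca_cert" not in fields and "ca_path" not in fields:
        findings.append("no ca_cert/ca_path: server certificate is not verified")
    for key in PATH_KEYS:
        value = fields.get(key, "")
        # blob:// and hash:// values are not filesystem paths
        if value and "://" not in value and not value.startswith("/"):
            findings.append(f"{key} uses a relative path: {value}")
    return findings

if __name__ == "__main__":
    for block in parse_network_blocks(SAMPLE_CONF):
        for finding in check_eap_tls(block):
            print(finding)
```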





