How to implement EAP-TLS with freeradius and wpa_supplicant?
Zheng, Jiajia
jiajia.zheng at intel.com
Thu May 13 04:53:31 CEST 2010
Alan DeKok wrote:
> Zheng, Jiajia wrote:
>>> 11. EAP-TLS failed, see the attached tls.log for the output of
>>> radiusd. Could you help me out on this issue?
>
> Paste the debug output into the "self-help" form at:
>
> http://networkradius.com/freeradius.html
>
> Look for red text.
>
>>> Is there anything I did wrong? Let me know if you need more
>>> debugging info.
>
> The debug log already shows everything you need to know.
>
> The CA used by the client is *not* the same as the CA used by the
> server.
>
Yes, from the debug log, we can tell that the CA is wrong.
But as I mentioned, the same CA works fine with EAP-TTLS. Why does it go wrong with EAP-TLS?

Here is my configuration file for EAP-TTLS, which works.
WPA_EAP_TTLS_CHAP.conf

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="ASUS-2.4G"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="root"
    password="wireless"
    ca_cert="./ca.pem"
    phase2="auth=CHAP"
}

Here is my configuration file for EAP-TLS, which fails authentication.
WPA_EAP_TLS.conf

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    ssid="ASUS-2.4G"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TLS
    identity="root"
    ca_cert="./ca.pem"
    client_cert="./client.pem"
    private_key="./client.pem"
    private_key_passwd="whatever"
}

The client.pem used by the client was also copied from the server.
Is there anything wrong with my configuration file? I also attached the *.pem.
Thanks,
jiajia
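
The check the thread turns on, as an added example that is not part of the original post or of FreeRADIUS or wpa_supplicant: with the EAP-TTLS/CHAP configuration above the supplicant presents no client certificate, so only the server certificate is validated against ca_cert, while EAP-TLS also has the server validate client.pem against its own CA. The script builds a constructed throwaway PKI (the names caA and caB and the pairing of certificates to CAs are assumptions, not taken from the attached files) and runs `openssl verify` in both directions.

```shell
#!/bin/sh
# Added example (not from the original post). All certificates are constructed
# throwaway samples; the names caA, caB and the demo layout are assumptions.

# verify_against CA_FILE CERT_FILE: exit 0 only if CERT_FILE chains to CA_FILE.
verify_against() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# issue DIR CA_NAME LEAF_NAME: create LEAF_NAME.pem signed by CA_NAME.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# make_demo_pki DIR: two unrelated CAs; server signed by caA, client by caB.
make_demo_pki() {
    for ca in caA caB; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
    done
    issue "$1" caA server
    issue "$1" caB client
}

# report CA_FILE CERT_FILE LABEL: print whether that side's check passes.
report() {
    if verify_against "$1" "$2"; then echo "OK   $3"; else echo "FAIL $3"; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d"
    # Supplicant side (TTLS and TLS): server certificate against ca_cert.
    report "$d/caA.pem" "$d/server.pem" "server cert vs CA (client checks server)"
    # Server side (TLS only): client certificate against the server's CA.
    report "$d/caA.pem" "$d/client.pem" "client cert vs CA (server checks client)"
    rm -rf "$d"
}
demo
```

On a real deployment, `verify_against` is run with the CA file the server is configured to trust and the client.pem the supplicant presents, and again with the supplicant's ca_cert and the server certificate.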