How to implement EAP-TLS with freeradius and wpa_supplicant?

sunhualing sunhualing at gmail.com
Thu May 13 05:07:45 CEST 2010


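Check the system time; it must be within the certificate's validity period.
The CA issue is a bit hard to say; check your configuration again.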

On Thu, May 13, 2010 at 10:53 AM, Zheng, Jiajia <jiajia.zheng at intel.com> wrote:

> Alan DeKok wrote:
> > Zheng, Jiajia wrote:
> >>> 11. EAP-TLS failed, see the attached tls.log for the output of
> >>> radiusd Could you help me out on this issue?
> >
> >   Paste the debug output into the "self-help" form at:
> >
> > http://networkradius.com/freeradius.html
> >
> >   Look for red text.
> >
> >>> Is there anything I did wrong? Let me know if you need more
> >>> debugging info.
> >
> >   The debug log already shows everything you need to know.
> >
> >   The CA used by the client is *not* the same as the CA used by the
> > server.
> >
> Yes, from the debug log, we can tell that the CA is wrong.
> But as I mentioned, the same CA works fine with EAP-TTLS. Why does it go
> wrong with EAP-TLS?
> Here is my configuration file for EAP-TTLS, which works.
> WPA_EAP_TTLS_CHAP.conf
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=wheel
> network={
> ssid="ASUS-2.4G"
> scan_ssid=1
> key_mgmt=WPA-EAP
> eap=TTLS
> identity="root"
> password="wireless"
> ca_cert="./ca.pem"
> phase2="auth=CHAP"
> }
> Here is my configuration file for EAP-TLS, which fails authentication.
> WPA_EAP_TLS.conf
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=wheel
> network={
> ssid="ASUS-2.4G"
> scan_ssid=1
> key_mgmt=WPA-EAP
> eap=TLS
> identity="root"
> ca_cert="./ca.pem"
> client_cert="./client.pem"
> private_key="./client.pem"
> private_key_passwd="whatever"
> }
>
> The client.pem used by the client was also copied from the server.
> Is there anything wrong with my configuration file? I also attached the *.pem.
>
> Thanks,
> jiajia
>
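
The checks raised in this thread (system time inside the certificate's validity period, client certificate issued by the CA in use), plus a key/certificate match check, as an added shell example that is not part of the original messages. The function name, environment variable and return codes are assumptions; the file roles follow the `ca_cert`, `client_cert` and `private_key` settings quoted above, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for EAP-TLS files.
# Usage: check_eap_tls_files CA_PEM CLIENT_CERT_PEM KEY_PEM [KEY_PASSWORD]
#   CA_PEM is the CA certificate the peer will validate CLIENT_CERT_PEM against.
# Returns 0 = all checks pass
#         1 = a certificate is expired (or unreadable) at the current time
#         2 = client certificate does not verify against the CA
#         3 = private key cannot be read or does not match the certificate
check_eap_tls_files() {
    ca=$1; cert=$2; key=$3
    # Hand the key password to openssl via the environment, not argv.
    EAPTLS_KEYPASS=${4-}; export EAPTLS_KEYPASS

    # 1. Clock vs. lifetime: -checkend 0 fails once notAfter has passed.
    for f in "$ca" "$cert"; do
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            echo "FAIL: $f is expired or unreadable at $(date -u)"
            return 1
        fi
    done

    # 2. Chain: trust only the given CA file, not the system trust store.
    #    A not-yet-valid certificate (clock too early) also fails here.
    if ! out=$(openssl verify -no-CApath -CAfile "$ca" "$cert" 2>&1); then
        echo "FAIL: $cert does not verify against $ca"
        echo "$out"
        return 2
    fi

    # 3. Key match: the public key derived from the private key must equal
    #    the public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -passin env:EAPTLS_KEYPASS -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is unreadable (wrong password?) or does not match $cert"
        return 3
    fi

    echo "OK: $cert is in date, issued by $ca, and matches $key"
    return 0
}
```
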
More information about the Freeradius-Users mailing list