PEAP/MSCHAPv2 problem

Jürgen Stader juergen.stader at hs-furtwangen.de
Mon Apr 4 16:42:50 CEST 2011


Hi,

thanks for your reply.

On 04.04.2011 16:27, Stefan Winter wrote:
> Hi,
>
> PEAP can work with or without client certs. Both run through the "tls"
> instance; that is no error. The problem is much rather here:
>
>> Sending Access-Challenge of id 219 to ... port 32769
>> Waking up in 2.0 seconds.
>> Cleaning up request 0 ID 219 with timestamp +3
>> WARNING:
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> WARNING: !! EAP session for state 0x3abc7e1c3abf6764 did not finish!
>> WARNING: !! Please read
>> http://wiki.freeradius.org/Certificate_Compatibility
>> WARNING:
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> Ready to process requests.
> The client probably doesn't like the server certificate, and stops
> talking to the server.
>
> When you cloned your RADIUS server, did you give the clone a different
> certificate afterwards? FreeRADIUS will generate a sample one on first
> start. If your client only trusts the old one, it won't talk to the new
> one...
The original radius has a trusted certificate, signed by our CA. The
clone also has a trusted certificate with its DN registered in DNS.
I edited the corresponding section in eap.conf and placed the filenames
of the new certificate and key files.

private_key_file = ${certdir}/roaming.key
certificate_file = ${certdir}/roaming.pem

The certificates were generated with the same attributes (except the DN).
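
An added example, not part of the original thread or of FreeRADIUS itself: a shell check that the key and certificate named in eap.conf belong together and that the certificate chains to the CA bundle the clients trust as a TLS server certificate. The function names and the CA bundle path are assumptions, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Usage, with the file names from
# eap.conf above and a placeholder for the CA bundle the clients trust:
#   check_eap_cert "$certdir/roaming.key" "$certdir/roaming.pem" /path/to/ca.pem

# Return 0 when the private key and the certificate hold the same public key.
key_matches_cert() {   # $1 = private key, $2 = certificate
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    # An unreadable file yields an empty string, which must not count as a match.
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Return 0 when the certificate chains to the CA bundle as a TLS server cert.
chain_ok() {           # $1 = CA bundle, $2 = certificate
    openssl verify -purpose sslserver -CAfile "$1" "$2" 2>/dev/null \
        | grep -q ': OK$'
}

# Print one line per check; return non-zero if any check fails.
check_eap_cert() {     # $1 = private key, $2 = certificate, $3 = CA bundle
    rc=0
    if key_matches_cert "$1" "$2"; then
        echo "key/cert pair: ok"
    else
        echo "key/cert pair: MISMATCH"; rc=1
    fi
    if chain_ok "$3" "$2"; then
        echo "chain to CA: ok"
    else
        echo "chain to CA: FAILED"; rc=1
    fi
    return $rc
}
```

Both checks pass only for the server side; whether a given supplicant accepts the certificate still depends on which CA that client has been configured to trust.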


