Freeradius2 and OSX clients no TLS

Luke Hammond luke at dezignbrasil.com
Sat Mar 5 18:26:03 CET 2011


Just a side question, how did you get Freedradius to give you a login 
window? i tried this and couldn't see how to get it to work.. so had to 
use another portal for this.


On 5/03/2011 2:10 PM, Gary Gatten wrote:
> FR just does what its told. I think the settings need to be changed on your wireless gear.
>
> ----- Original Message -----
> From: Guy [mailto:guy at britewhite.net]
> Sent: Saturday, March 05, 2011 10:46 AM
> To: freeradius-users at lists.freeradius.org<freeradius-users at lists.freeradius.org>
> Subject: Freeradius2 and OSX clients no TLS
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA Enterprise 2, and I have it basically working.  my iPhone/iPad are able to authenticate and connect via the base station.  However my Mac (OSX 10.6 Snow leopard) Laptops are having issues.
>
> I do not want to push out Client certificates to the laptops. I also do not want people to have to perform any customisations on the clients.
>
> When the laptop attempts to join the network I get a nice login window, with username/password. This is fine.  However without playing with the network settings (802.1x settings).  I'm not able to join the network because I do not have a client Cert:
>
> Sat Mar  5 16:21:28 2011 : Error: -->  verify error:num=19:self signed certificate in certificate chain
> Sat Mar  5 16:21:28 2011 : Error: TLS Alert write:fatal:unknown CA
> Sat Mar  5 16:21:28 2011 : Error:     TLS_accept:error in SSLv3 read client certificate B
> Sat Mar  5 16:21:28 2011 : Error: rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> Sat Mar  5 16:21:28 2011 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
> Sat Mar  5 16:21:28 2011 : Auth: Login incorrect: [guy/<via Auth-Type = EAP>] (from client extreme port 0 cli 00-19-E3-E1-BA-C5)
>
>
> However if I do change the 802.1x settings on the mac to not try and to TLS then I'm able to connect just fine.  either by PEAP, or TTLS..
>
> So finally my question... How can I reconfigure Radius to not try and offer TLS or if it does offer TLS to not die if a cert is not presented??
>
> I have tried some suggestions such as commenting out the CA in the eap.conf file, but still I fail to pass the TLS.
>
> Thanks
>
> - ---Guy
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
>
> iEYEARECAAYFAk1yaQcACgkQDc8ue1+sfKEcAQCfYRVtzNb1UcRa9hf+PM3ipToT
> zCgAn2TGSTOAjigyWLYwTm4HDcy12l9L
> =JyX7
> -----END PGP SIGNATURE-----
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
> </div>
> "This email is intended to be reviewed by only the intended recipient
>   and may contain information that is privileged and/or confidential.
>   If you are not the intended recipient, you are hereby notified that
>   any review, use, dissemination, disclosure or copying of this email
>   and its attachments, if any, is strictly prohibited.  If you have
>   received this email in error, please immediately notify the sender by
>   return email and delete this email from your system."
> </font>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list