Freeradius2 and OSX clients no TLS

Guy guy at britewhite.net
Sat Mar 5 18:39:32 CET 2011 

it wasn't Freeradius providing the login window, it was OSX... trying to logon to the WiFi Network

--Guy

On 5 Mar 2011, at 17:26, Luke Hammond wrote:

> Just a side question, how did you get Freedradius to give you a login window? i tried this and couldn't see how to get it to work.. so had to use another portal for this.
> 
> 
> On 5/03/2011 2:10 PM, Gary Gatten wrote:
>> FR just does what its told. I think the settings need to be changed on your wireless gear.
>> 
>> ----- Original Message -----
>> From: Guy [mailto:guy at britewhite.net]
>> Sent: Saturday, March 05, 2011 10:46 AM
>> To: freeradius-users at lists.freeradius.org<freeradius-users at lists.freeradius.org>
>> Subject: Freeradius2 and OSX clients no TLS
>> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> Hi,
>> 
>> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA Enterprise 2, and I have it basically working.  my iPhone/iPad are able to authenticate and connect via the base station.  However my Mac (OSX 10.6 Snow leopard) Laptops are having issues.
>> 
>> I do not want to push out Client certificates to the laptops. I also do not want people to have to perform any customisations on the clients.
>> 
>> When the laptop attempts to join the network I get a nice login window, with username/password. This is fine.  However without playing with the network settings (802.1x settings).  I'm not able to join the network because I do not have a client Cert:
>> 
>> Sat Mar  5 16:21:28 2011 : Error: -->  verify error:num=19:self signed certificate in certificate chain
>> Sat Mar  5 16:21:28 2011 : Error: TLS Alert write:fatal:unknown CA
>> Sat Mar  5 16:21:28 2011 : Error:     TLS_accept:error in SSLv3 read client certificate B
>> Sat Mar  5 16:21:28 2011 : Error: rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>> Sat Mar  5 16:21:28 2011 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
>> Sat Mar  5 16:21:28 2011 : Auth: Login incorrect: [guy/<via Auth-Type = EAP>] (from client extreme port 0 cli 00-19-E3-E1-BA-C5)
>> 
>> 
>> However if I do change the 802.1x settings on the mac to not try and to TLS then I'm able to connect just fine.  either by PEAP, or TTLS..
>> 
>> So finally my question... How can I reconfigure Radius to not try and offer TLS or if it does offer TLS to not die if a cert is not presented??
>> 
>> I have tried some suggestions such as commenting out the CA in the eap.conf file, but still I fail to pass the TLS.
>> 
>> Thanks
>> 
>> - ---Guy
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
>> 
>> iEYEARECAAYFAk1yaQcACgkQDc8ue1+sfKEcAQCfYRVtzNb1UcRa9hf+PM3ipToT
>> zCgAn2TGSTOAjigyWLYwTm4HDcy12l9L
>> =JyX7
>> -----END PGP SIGNATURE-----
>> 
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>> 
>> 
>> 
>> 
>> 
>> <font size="1">
>> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
>> </div>
>> "This email is intended to be reviewed by only the intended recipient
>>  and may contain information that is privileged and/or confidential.
>>  If you are not the intended recipient, you are hereby notified that
>>  any review, use, dissemination, disclosure or copying of this email
>>  and its attachments, if any, is strictly prohibited.  If you have
>>  received this email in error, please immediately notify the sender by
>>  return email and delete this email from your system."
>> </font>
>> 
>> 
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list