EAP-TLS with Ldap

Usuário do Sistema maiconlp at ig.com.br
Sat Mar 12 21:06:58 CET 2011

Hello, I'm new at the Freeradius and I'm deploying it with EAP-TLS to
authenticate my Wireless users which will be authenticated against a
OpenLDAP base.

I'm using freeradius2 and when I make a test from other linux machine with
command "radtest joao.vero jango123 2 meleca" it's working as
follow out

Sending Access-Request of id 45 to port 1645
        User-Name = "joao.vero"
        User-Password = "jango123"
        NAS-IP-Address =
        NAS-Port = 2
rad_recv: Access-Accept packet from host, id=45,

But, when I'm going  to authenticate wireless users from Win7 ( with
EAP-TLS, I'm using the test certificate from /etc/raddb/certs/..) It isn't
working. it's appear in log:

TLS Alert read:fatal:unknown CA
    TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation

What I did until at the moment in ralation EAP-TLS:

I've configured the eap.conf file to read the certificates from
I've create the user certificate ( as shows README in /etc/raddb/certs )
I've copied and installed two certificates to user machine: cliente.p12 and
ca.der. the first as personal and the last as Trusted Root
Certification Authorities

I wish to use LDAP for authenticate my users but seems that User-Password
must be Clear text. there is possible reach EAP-TLS with LDAP??

What I have do ??

any help is welcome

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110312/28931f9b/attachment.html>

More information about the Freeradius-Users mailing list