wifi + freeradius + mysql + eap/tls

Alan DeKok aland at deployingradius.com
Fri Nov 18 08:55:31 CET 2011

Enrique Llanos Vargas wrote:
> I've just installed a freeradius+mysql on a debian 6.0.3, first test
> from localhost with radtest and mysql user auth (radcheck table) worked
> well, 2nd test with radeaptest with mysql and md5 eap method worked well
> too, but I don't find a way to make it work with eap+tls:

  Follow the EAP-TLS guide on the web site.  It *will* work.

> Here's my error output:
> *[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca 
> TLS Alert read:fatal:unknown CA
>     TLS_accept: failed in SSLv3 read client certificate A

  That is relatively clear:  the client certificate was signed by an
unknown CA.

> For what I've read, either I must create my own certs for eap+tls

  Uh... that's how TLS works.  You sign client certificates.

> or I
> can disable TLS, for the 1st, I've followed 'n' guides on the web but
> none seems to work for me and for the second, I just dont find where to
> disable the eap with TLS.
> I don't really want to use TLS, so if you help me to disable TLS, it'll
> be fine for me.

  Disabling TLS is simple: delete the "tls {...}" block from eap.conf.

  Alan DeKok.

More information about the Freeradius-Users mailing list