wifi + freeradius + mysql + eap/tls
Alan DeKok
aland at deployingradius.com
Fri Nov 18 08:55:31 CET 2011
Enrique Llanos Vargas wrote:
> I've just installed a freeradius+mysql on a debian 6.0.3, first test
> from localhost with radtest and mysql user auth (radcheck table) worked
> well, 2nd test with radeaptest with mysql and md5 eap method worked well
> too, but I don't find a way to make it work with eap+tls:
Follow the EAP-TLS guide on the web site. It *will* work.
> Here's my error output:
>
> *[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
> TLS_accept: failed in SSLv3 read client certificate A
That is relatively clear: the client certificate was signed by an
unknown CA.
> For what I've read, either I must create my own certs for eap+tls
Uh... that's how TLS works. You sign client certificates.
> or I
> can disable TLS, for the 1st, I've followed 'n' guides on the web but
> none seems to work for me and for the second, I just dont find where to
> disable the eap with TLS.
>
> I don't really want to use TLS, so if you help me to disable TLS, it'll
> be fine for me.
Disabling TLS is simple: delete the "tls {...}" block from eap.conf.
Alan DeKok.
More information about the Freeradius-Users
mailing list