No luck connecting from a ZyXEL NWA3160-N AP
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 2 16:10:13 CET 2012
On 02/11/12 14:56, Erich Titl wrote:
> authenticating against a MySQL database appeast to work fine using radtest
This is not really a good test. radtest is sending "pap".
Download the "wpa_supplicant" sources and compile "eapol_test".
> I connected a ZyXEL NWA 3160-N (latest Firmware), generated a
> certificate request, signed it using XCA and reimported it on the AP.
Why does the AP need a cert?
> [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
> TLS_accept: failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> .....
>
> There appears to be something wrong with the client certificate passed
> by the AP in the eap conversation. I doublechecked the certificates and
> googled my fingers raw on this.
No. This is a message *from* the client saying it doesn't trust the
*radius server* certificate.
You haven't imported your CA on the client properly.
More information about the Freeradius-Users
mailing list