Failure with "TLS authentication" and "Freeradius on Fedora-17"

Ajay Garg ajaygargnsit at gmail.com
Sun Jan 6 15:25:03 CET 2013


I just realised that I can put the issue in a simpler realm (not requiring
any externally written client-code files) ::

I am unable to get "TLS-authentication" working, when a "Fedora-17-client"
tries to connect to a "WPA/WPA2-Enterprise network" through
"gnome-shell-applet", via "Freeradius-running-on-Fedora-17".




On Sun, Jan 6, 2013 at 7:31 PM, Ajay Garg <ajaygargnsit at gmail.com> wrote:

> Hi all.
>
> I have been facing a very particular issue, when trying to connect to a
> WPA/WPA-2 Enterprise connection via "TLS authentication"
> (note that "TTLS" and "PEAP" authentication work perfectly).
>
> Settings ::
>
> a)
> As per
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/python/add-system-wifi-connection.py,
> the code is written on a Fedora-18 base, using NM0.9
> (this code is written on the "client" computers, that wish to connect to
> the "TLS authenticated" WPA/WPA2-Enterprise network).
>
>
>
> b)
> Freeradius is being used as the user-authentication server.
>
>
>
> c)
> Now, when freeradius is being used on a Fedora-14 base, the "TLS"
> authentication works fine.
> I do the following, to generate the certificates required for TLS ::
>
>                           su -
>                           cd /etc/raddb/certs
>                           make clean
>                           make client.pem
>
> I then fill in the following fields (on the client-side)::
>
>                  'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),
>                  'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora14"),
>                  'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),
>
>
> The client gets connected flawlessly to the wifi-network :)
>
>
>
> d)
> However, when freeradius is used on a Fedora-18 base, the "TLS"
> authentication does not work fine.
>
> I follow the same procedure to generate the certificates ::
>
>                           su -
>                           cd /etc/raddb/certs
>                           make clean
>                           make client.pem
>
>
> and then fill up the values as ::
>
>                  'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),
>                  'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora17"),
>                  'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),
>
>
> However, now the wifi-network is not connected; there are "Access-Reject"
> messages in freeradius-logs.
>
>
>
> Has there been a change in the way certificates are to be generated/deployed
> when using Free-radius on Fedora-17?
> Or does there need to be a change in the NM-client-side-code?
>
>
>
>
> I will be grateful for a reply.
>
>
>
>
> Regards,
> Ajay
>



-- 
Regards,
Ajay
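
A client-side pre-flight check for the three '802-1x' fields quoted above, as an added example that is not part of the original post or of NetworkManager's own code. The names check_tls_settings, value_to_path and is_pkcs12 are hypothetical, and path_to_value is assumed to produce NetworkManager's NUL-terminated file:// path value. It only validates the client settings and does not explain a server-side Access-Reject.

```python
import os

SCHEME = b"file://"

def path_to_value(path):
    """Encode a path as NetworkManager's 802-1x 'path scheme' byte value."""
    return SCHEME + path.encode() + b"\0"

def value_to_path(value):
    """Decode 'file://<path>\\0'; return None for anything else."""
    value = bytes(value)
    if not (value.startswith(SCHEME) and value.endswith(b"\0")):
        return None
    return value[len(SCHEME):-1].decode()

def is_pkcs12(path):
    # Assumption: container type is judged by file extension only.
    return path.lower().endswith((".p12", ".pfx"))

def check_tls_settings(s8021x):
    """Return a list of problems found in an '802-1x' settings dict for EAP-TLS."""
    problems = []
    if "tls" not in s8021x.get("eap", []):
        problems.append("eap: 'tls' is not listed")
    paths = {}
    for key in ("ca-cert", "client-cert", "private-key"):
        path = value_to_path(s8021x.get(key, b""))
        if path is None:
            problems.append(key + ": not a NUL-terminated file:// value")
        elif not os.path.isfile(path):
            problems.append(key + ": file not found")
        else:
            paths[key] = path
    key_path = paths.get("private-key")
    if key_path and is_pkcs12(key_path):
        # A PKCS#12 bundle carries both key and certificate, so
        # NetworkManager expects client-cert to name the same file.
        if paths.get("client-cert") != key_path:
            problems.append("client-cert: must match the PKCS#12 private-key")
        if not s8021x.get("private-key-password"):
            problems.append("private-key-password: not set for PKCS#12 key")
    return problems

if __name__ == "__main__":
    # Constructed paths mirroring the post; adjust to the real locations.
    demo = {"eap": ["tls"],
            "ca-cert": path_to_value("/etc/raddb/certs/ca.pem"),
            "client-cert": path_to_value("/etc/raddb/certs/client.p12"),
            "private-key": path_to_value("/etc/raddb/certs/client.p12")}
    for line in check_tls_settings(demo) or ["no problems found"]:
        print(line)
```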