Failure with "TLS authentication" and "Freeradius on Fedora-17"

Ajay Garg ajaygargnsit at gmail.com
Tue Jan 8 21:53:01 CET 2013


On Tue, Jan 8, 2013 at 6:45 PM, John Dennis <jdennis at redhat.com> wrote:

> On 01/08/2013 05:10 AM, Ajay Garg wrote:
>
>> Could you please specify the order of scripts to be run, so that proper
>> certificates may be generated - both for the server, and the client? :P
>>
>
> You were given the answer. It's not just a matter of running the scripts;
> it also requires knowing what the scripts output and how to configure
> *both* the client and the server with the script output.
>
> You've never explained what you're doing in any detail, especially with
> regard to where you're generating the client cert. In a previous email I
> explained what the server needs and what the client needs. Now you're going
> to have to put that information to use. You really do have to invest the
> energy into learning how the pieces fit together.


Ok.. so here goes what I have been wanting to accomplish :P


ROUTER-SIDE ::
===========

a)
Configure the router to do WPA/WPA2-Enterprise authentication.

b)
The authentication is to be done via a freeradius-server.

c)
I connect a wired-cable between the router and the
freeradius-server-machine, to have a physical medium via which the router
and the server may talk.


SERVER-SIDE ::
===========

a)
Freeradius-server is running on Fedora-17 (freeradius-2.2.0-0.fc17.i686)

b)
After installing freeradius, the certificates are generated via (on
Fedora-17 machine) ::

    su -
    rm /etc/raddb/modules/dhcp_sqlippool
    cd /etc/raddb/certs
    make destroycerts
    make
    make client
    chmod 0644 client.p12
    chmod 0644 ca.pem

c)
Now, the freeradius is started on the Fedora-17 machine as ::

    sudo /usr/sbin/radiusd -X &

Server runs fine.



CLIENT-SIDE ::
===========

a)
THE SAME FEDORA-17 MACHINE ACTS AS THE CLIENT TOO :)

b)
Now, from the gnome-panel applet, I try connecting to the WPA/WPA-2
Enterprise network, by setting the following settings ::

    Wireless Security     : WPA/WPA2-Enterprise
    Authentication        : TLS
    Identity              : Anonymous
    User Certificate      : /etc/raddb/certs/client.p12
    CA Certificate        : /etc/raddb/certs/ca.pem
    Private Key           : /etc/raddb/certs/client.p12
    Private Key Password  : whatever


c)
I click the "Connect" button.....



and then the dreaded logs happen :(









-- 
Regards,
Ajay