Strange things with android phone
Kamil Jońca
kjonca at o2.pl
Sat Aug 22 12:35:57 CEST 2015
A.L.M.Buxey at lboro.ac.uk writes:
> Hi,
>
>> I have configured and working wifi with eap-tls authentication.
>> I want to use another root ca, so I did the following steps.
>
> yep - but if you are making new CAs and adding them to clients, you ALSO have to re-configure your FreeRADIUS
> server to use that new CA. you can see in your logs:
>
> Sat Aug 22 12:05:05 2015 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [selen.kjonca] (from client ni port 2 cli 00-08-22-4F-62-54)
> Sat Aug 22 12:05:05 2015 : Info: Using Post-Auth-Type REJECT
>
>
> (and plenty of other 'Unknown CA' messages)
>
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I have copied new ca file to CA_path, and done c_rehash. What else
should I do?

BTW. excerpt from my eap.conf

eap {
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096
    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        private_key_password = [.....]
        private_key_file = [....]
        certificate_file = ${confdir}/certs/wifi,beta-wifi-beta,2,1.pem
        certificate_file = ${confdir}/certs/wifi,beta-wifi-beta,2.5.pem
        dh_file = /etc/ssl/dh.pem
        random_file = /dev/urandom
        CA_path = ${cadir}
        check_cert_cn = %{User-Name}
        cipher_list = "DEFAULT"
        make_cert_command = "${certdir}/bootstrap"
        [....]
--
http://wolnelektury.pl/wesprzyj/teraz/
This fortune intentionally not included.
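
An added example, not part of the original message: a small triage script for the "Login incorrect (TLS Alert ...)" lines quoted in this thread. FreeRADIUS takes the read/write word from OpenSSL's info callback, so `read` is an alert received from the supplicant and `write` is one the server sent; the script uses that to say which side's trust store to check. The third sample line, its user name and MAC are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample. The first two lines are the ones quoted in the thread;
# the third is a made-up "write" case with a placeholder user and MAC.
SAMPLE_LOG = """\
Sat Aug 22 12:05:05 2015 : Auth: Login incorrect (TLS Alert read:fatal:unknown CA): [selen.kjonca] (from client ni port 2 cli 00-08-22-4F-62-54)
Sat Aug 22 12:05:05 2015 : Info: Using Post-Auth-Type REJECT
Sat Aug 22 12:07:11 2015 : Auth: Login incorrect (TLS Alert write:fatal:unknown CA): [example.user] (from client ni port 2 cli 00-00-5E-00-53-01)
"""

ALERT_RE = re.compile(
    r"\(TLS Alert (?P<dir>read|write):(?P<level>\w+):(?P<desc>[^)]+)\): "
    r"\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+) cli (?P<mac>[0-9A-Fa-f-]+)\)"
)

# Which side raised the alert, and what to check, keyed by direction.
DIRECTION = {
    "read": ("supplicant",
             "device does not trust the issuer of the server's certificate_file"),
    "write": ("server",
              "issuer of the client certificate is missing from CA_path / CA_file"),
}

def parse_alerts(text):
    """Return one dict per 'Login incorrect (TLS Alert ...)' line."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # e.g. the Post-Auth-Type REJECT line
        rejected_by, hint = DIRECTION[m["dir"]]
        alert = m.groupdict()
        alert["rejected_by"] = rejected_by
        # The hint only applies to CA trust failures, not to other alerts.
        alert["hint"] = hint if m["desc"].lower() == "unknown ca" else None
        alerts.append(alert)
    return alerts

def summarize(alerts):
    """Count alerts per (client MAC, rejecting side, alert description)."""
    return Counter((a["mac"], a["rejected_by"], a["desc"]) for a in alerts)

if __name__ == "__main__":
    for a in parse_alerts(SAMPLE_LOG):
        print(f'{a["mac"]} {a["user"]}: rejected by {a["rejected_by"]}: {a["hint"]}')
```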