Machine auth fails but user auth works

Alan DeKok aland at deployingradius.com
Fri Dec 4 23:32:02 CET 2015


On Dec 4, 2015, at 5:24 PM, Dennis Xu <dxu at uoguelph.ca> wrote:
> 
> I have listed all root and intermediate CAs in the eap file:
> 
> ...
>                ca_file = ${cadir}/SSL_PrimaryCA.pem
>                ca_file = ${cadir}/SSL_SecondaryCA.pem
>                ca_file = ${cadir}/thawte_Premium_Server_CA.pem

  You do realize that doesn't work, right?

  Please *follow instructions*.

  Arran said:

> So you need your server cert, and the intermediary CAs all concatenated together in the same file. 


  What part of that is unclear?

> The server certificate and its configuration should be ok, otherwise the user authentication would fail as well.  

  No.

> If the server is trying to validate the client certificate, it will fail for sure as there is no certificate on clients and I don't think that is required for PEAP.

  It's not.

  The client is trying to verify the server certificate and failing.  Because you're not following instructions.

  Alan DeKok.
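
An added example, not part of the original message and not FreeRADIUS code: a small Python check that flags the repeated ca_file lines quoted above and builds the single concatenated file Arran describes. The server.pem name, the placeholder PEM bodies and the server-first ordering are assumptions made for the illustration.

```python
import re
from collections import Counter

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

# Constructed sample: the three ca_file lines quoted above, inside a tls block.
SAMPLE_TLS_CONFIG = """
tls {
    certificate_file = ${certdir}/server.pem   # assumed file name
    ca_file = ${cadir}/SSL_PrimaryCA.pem
    ca_file = ${cadir}/SSL_SecondaryCA.pem
    ca_file = ${cadir}/thawte_Premium_Server_CA.pem
}
"""

def fake_pem(label):
    """Constructed placeholder with PEM framing; not a real certificate."""
    return f"-----BEGIN CERTIFICATE-----\n{label}\n-----END CERTIFICATE-----\n"

def repeated_keys(config_text):
    """Return the keys assigned more than once in one config block."""
    counts = Counter()
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"([A-Za-z_][\w.-]*)\s*=", line)
        if m:
            counts[m.group(1)] += 1
    return sorted(k for k, n in counts.items() if n > 1)

def pem_blocks(text):
    """Return every PEM certificate block found in text, in order."""
    return PEM_RE.findall(text)

def build_chain(server_pem, intermediate_pems):
    """Concatenate the server certificate and the intermediates into one file body.

    Order is the caller's: server certificate first, then each intermediate
    in the order given (assumed to run from the issuing CA upward).
    """
    server = pem_blocks(server_pem)
    if len(server) != 1:
        raise ValueError("expected exactly one server certificate")
    chain = server + [b for pem in intermediate_pems for b in pem_blocks(pem)]
    return "\n".join(chain) + "\n"

if __name__ == "__main__":
    print("repeated keys:", repeated_keys(SAMPLE_TLS_CONFIG))
    chain = build_chain(fake_pem("SERVER"), [fake_pem("SECONDARY-CA"), fake_pem("PRIMARY-CA")])
    print(len(pem_blocks(chain)), "certificates in the concatenated file")
```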



