Machine auth fails but user auth works
Alan DeKok
aland at deployingradius.com
Fri Dec 4 23:32:02 CET 2015
On Dec 4, 2015, at 5:24 PM, Dennis Xu <dxu at uoguelph.ca> wrote:
>
> I have listed all root and intermediate CAs in the eap file:
>
> ...
> ca_file = ${cadir}/SSL_PrimaryCA.pem
> ca_file = ${cadir}/SSL_SecondaryCA.pem
> ca_file = ${cadir}/thawte_Premium_Server_CA.pem
You do realize that doesn't work, right?
Please *follow instructions*.
Arran said:
> So you need your server cert, and the intermediary CAs all concatenated together in the same file.
What part of that is unclear?
> The server certificate and its configuration should be ok, otherwise the user authentication would fail as well.
No.
> If the server is trying to valid client certificate, it will fail for sure as there is no certificate on clients and I don't think that is required for PEAP.
It's not.
The client is trying to verify the server certificate and failing. Because you're not following instructions.
Alan DeKok.
More information about the Freeradius-Users
mailing list