freeRADIUS 3.0.4, NetworkManager 1.0.6-27.el7, and wpa_supplicant v2.0 client side cert issues?

Stefan Winter stefan.winter at restena.lu
Wed Feb 10 08:14:54 CET 2016


And here is the screenshot, unless it gets scraped.

Am 10.02.2016 um 01:39 schrieb John Teasley:
> Hello,
> 
> I wanted to post what I had to do in order to get NetworkManager EAP-TLS
> connections to work. I am hoping that someone can tell me if I am wrong or,
> if the issue is NetworkManager.
> 
> 1. eapol_test works fine.
> 2. Direct wpa_supplicant config works fine.
> 3. Unless importing the radiusd CA into the client, a unknown CA error is
> thrown. Now, I dont like the idea of doing the below; however, it was the
> only way on fc22 with the versions stated above to get connected via
> NetworkManager.
> 
> AS root :
>     > cp /home/user/CERTS/radius_ca.pem /etc/pki/ca-trust/source/anchors/
>     >update-ca-trust
> 
> 5. Connections to EAP-TLS via NetworkManager now work.
> 6. PROBLEM, I don't want a private CA set globally. A vpn connection does
> not do this when using
>     private CA. Also, wpa_supplicant works with out the CA being imported
> into the global store.
> 
> 7. I REALLY DONT LIKE THE SELF SIGNED / PRIVATE CA GLOBALLY.
> 
> Does anyone see any obvious mistakes in what a described above?
> 
> Ollie Teasley
> Linux Administrator
> ISMELL.SHOES, LLC
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: plasma-nm.png
Type: image/png
Size: 33581 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160210/e7efbbb2/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160210/e7efbbb2/attachment-0001.sig>


More information about the Freeradius-Users mailing list