users configuration and certs

A.L.M.Buxey at lboro.ac.uk
Thu Feb 18 10:54:04 CET 2016


Hi,

> user1        User-Password == "user1"

stuff deleted

> user2        User-Password == "user2"

stuff deleted

> i tested md5 first and it works (i think) but not able to bring up tunnel, so not able to get vlan id and ip addresses:


..and that is because....

> (0) Received Access-Request Id 148 from 100.64.8.3:51157 to 10.85.19.162:1812 length 170
> (0)   User-Name = "tester4"

tester4? well, tester4 doesn't appear in your users file and thus has no VLAN etc defined...... that's why that isn't working for
you. the server isn't magical.

> i copied "client.pem" from the server to client side and tried "tls". this time i don't see any outputs from "radiusd -sX" (i think because of failed certs and 802.1x didn't even finish its process)
> the client side showed failed message:
> "Validated, Test cannot continue, a fatal error encountered when working with certificates"
> how could i troubleshoot this? is it an issue of certs?

well, keep working at it - get some more 802.1X experience....but the client itself will need the CA of the RADIUS server as well as the client
cert to present to the server (the server will send through the server cert itself if used so no need for client to hold that). if you don't see
any output at all from radiusd -X (after the 'Ready to Process requests....' line) then either the 802.1X isn't configured
correctly on the NAS - and therefore the client isn't challenged for 802.1X or the client isn't configured correctly.

start with basic steps...do the TLS EAP 802.1X stuff locally on the radius server with eg eapol_test before you involve network kit/NAS/remote clients etc

alan
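
The local EAP-TLS check suggested above, as an added example that is not part of the original post. The certificate paths, key passphrase, identity, shared secret and the 127.0.0.1:1812 server address are all assumptions, as is the premise that one CA issued both the server and client certificates.

```sh
#!/bin/sh
# Added example: EAP-TLS test run on the RADIUS server itself with eapol_test.
# Assumed values (not from the thread): every path, the key passphrase,
# the identity, the shared secret, and the server listening on 127.0.0.1:1812.
CA_CERT="${CA_CERT:-/etc/raddb/certs/ca.pem}"          # CA of the RADIUS server
CLIENT_CERT="${CLIENT_CERT:-/etc/raddb/certs/client.pem}"
CLIENT_KEY="${CLIENT_KEY:-/etc/raddb/certs/client.key}"
KEY_PASSWD="${KEY_PASSWD:-changeme}"
IDENTITY="${IDENTITY:-user2}"
SECRET="${SECRET:-testing123}"

# Write the wpa_supplicant-style network block that eapol_test reads.
write_eapol_conf() {
    out="$1"
    ( umask 077   # the file holds the key passphrase
      cat > "$out" <<EOF
network={
    key_mgmt=WPA-EAP
    eap=TLS
    identity="$IDENTITY"
    ca_cert="$CA_CERT"
    client_cert="$CLIENT_CERT"
    private_key="$CLIENT_KEY"
    private_key_passwd="$KEY_PASSWD"
}
EOF
    )
}

# Check the client's certificate material before involving the server.
preflight() {
    for f in "$CA_CERT" "$CLIENT_CERT" "$CLIENT_KEY"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done
    # Assumption: the same CA issued the server and client certificates.
    openssl verify -CAfile "$CA_CERT" "$CLIENT_CERT" >/dev/null || return 2
}

run_test() {
    conf="${1:-./eap-tls.conf}"
    preflight || return $?
    write_eapol_conf "$conf" || return 3
    eapol_test -c "$conf" -a 127.0.0.1 -p 1812 -s "$SECRET"
}

# Only talk to the server when invoked as: sh eap-tls-test.sh run [conf]
if [ "${1:-}" = "run" ]; then run_test "${2:-}"; fi
```

Keep radiusd -X running in another terminal while this runs, so the server side of the exchange is visible.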

