Problems with CA using PEAP/TTLS
aland at deployingradius.com
Tue Oct 11 22:45:58 CEST 2016
On Oct 11, 2016, at 4:28 PM, dump at gmx.info wrote:
> I'm using freeradius 2.2.5 on debian for authentication of wireless
You should upgrade to 3.0.12. It may help.
> The problem is that authenticating clients (I'm using PEAP/TTLS)
> works only if the CA-certificate is ignored by the client side.
Which means that the client doesn't have the CA installed.
> trying to authenticate the clients using the CA in Network-Manager the
> authentication fails. The server certificate of freeradius is correctly
> signed and the public CA is selected at the clients (linux using
Ask the Network-Manager people why their software is broken. :(
> Is there a possibility to catch the server certificate on the client
> side after the transfer to the client. And then checking this server
> certificate signature against the locally installed CA-certificate by
> hand? For example using tcpdump?
More information about the Freeradius-Users