More freeradius fun - some clients not connecting

Chris Bradley bradleyc at bcsc.k12.in.us
Wed May 22 22:45:55 CEST 2019


Thanks Alan. Still struggling with this.

Let's say I start over on a windows client. 

Which files do I need to grab from freeradius (guessing from /etc/freeradius/certs) and what certificate stores do they need to go in?

Thanks!! =)
>>> Alan DeKok <aland at deployingradius.com> 5/21/2019 11:18 AM >>>
On May 21, 2019, at 9:24 AM, Chris Bradley <bradleyc at bcsc.k12.in.us> wrote:
> Some (not all - some work and some don't) of our re-imaged computers won't connect to our certificate based 802.1x networks. On the server, I'm seeing this error as I'm tailing the freeradius log:
> 
> 
> Tue May 21 09:07:50 2019 : ERROR: (185581) eap_tls:   ERROR: SSL says error 20 : unable to get local issuer certificate
> Tue May 21 09:07:50 2019 : ERROR: (185581) eap_tls: ERROR: TLS Alert write:fatal:unknown CA

  The client is unable to get the local issuer certificate, and is sending an error saying it doesn't know the CA that the server is presenting.

> Tue May 21 09:07:50 2019 : Error: tls: TLS_accept: Error in SSLv3 read client certificate B

  That error comes from OpenSSL, and has a pretty darned opaque meaning.

> The two clients are identical machines, the wireless networks and the certificates are installed the same exact way.

  Nope.

  Something is different between them.  Typically it's because the CA cert isn't installed on the machine which is complaining.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list