EAP failure when using production certificates
Wayne Fillmer
wfillmer at opentext.com
Wed Feb 9 20:29:46 UTC 2022
I am attempting to setup a freeRADIUS server in a lab environment on Ubuntu 18.04. This server is used to test a WPA supplicant implementation on a piece of portable hardware. I feel reasonably confident the supplicant and nas (Cisco 2950) are configured correctly. I am very much unfamiliar with freeradius - that means I could get pretty far using the available documentation until I ran into trouble. Now I have no idea what to do.
Everything seems to be working according to the guide up until making production certs. I have performed eapol_test tests using the snakeoil certs.
Note: I have created the user "bob" and still have the pwd "hello" at the top of my "users" file. I am using user "bob" and pwd: "hello" when I attempt to connect from the supplicant
When I create production certs (deployingradius.com instructions) and attempt to authenticate I see the following error (log is followed by excerpts of my .cnf files):
________________________________________________________________________________________
(5) Received Access-Request Id 95 from 192.168.1.150:1812 to 192.168.1.77:1812 length 133
(5) NAS-IP-Address = 192.168.1.150
(5) NAS-Port = 50006
(5) NAS-Port-Type = Ethernet
(5) User-Name = "anonymous"
(5) Called-Station-Id = "00-19-55-14-71-86"
(5) Calling-Station-Id = "00-0E-CC-01-00-12"
(5) Service-Type = Framed-User
(5) Framed-MTU = 1500
(5) EAP-Message = 0x0200000e01616e6f6e796d6f7573
(5) Message-Authenticator = 0xf874795e57a7144af1993e43a9137bb2
(5) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ /@\./) {
(5) if (&User-Name =~ /@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 0 length 14
(5) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) authenticate {
(5) eap: Peer sent packet with method EAP Identity (1)
(5) eap: Calling submodule eap_md5 to process data
(5) eap_md5: Issuing MD5 Challenge
(5) eap: Sending EAP Request (code 1) ID 1 length 22
(5) eap: EAP session adding &reply:State = 0x4cc7d48a4cc6d040
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) Sent Access-Challenge Id 95 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(5) EAP-Message = 0x01010016041080eea1bd20abc6b82a858b58e295682d
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x4cc7d48a4cc6d0402157ab210e499381
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 96 from 192.168.1.150:1812 to 192.168.1.77:1812 length 143
(6) NAS-IP-Address = 192.168.1.150
(6) NAS-Port = 50006
(6) NAS-Port-Type = Ethernet
(6) User-Name = "anonymous"
(6) Called-Station-Id = "00-19-55-14-71-86"
(6) Calling-Station-Id = "00-0E-CC-01-00-12"
(6) Service-Type = Framed-User
(6) Framed-MTU = 1500
(6) State = 0x4cc7d48a4cc6d0402157ab210e499381
(6) EAP-Message = 0x020100060319
(6) Message-Authenticator = 0x879827383b947031784d9d31f879a0be
(6) session-state: No cached attributes
(6) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ /@\./) {
(6) if (&User-Name =~ /@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 1 length 6
(6) eap: No EAP Start, assuming it's an on-going EAP conversation
(6) [eap] = updated
(6) [files] = noop
(6) [expiration] = noop
(6) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(6) [pap] = noop
(6) } # authorize = updated
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) authenticate {
(6) eap: Expiring EAP session with state 0x4cc7d48a4cc6d040
(6) eap: Finished EAP session with state 0x4cc7d48a4cc6d040
(6) eap: Previous EAP request found for state 0x4cc7d48a4cc6d040, released from the list
(6) eap: Peer sent packet with method EAP NAK (3)
(6) eap: Found mutually acceptable type PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Initiating new TLS session
(6) eap_peap: [eaptls start] = request
(6) eap: Sending EAP Request (code 1) ID 2 length 6
(6) eap: EAP session adding &reply:State = 0x4cc7d48a4dc5cd40
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) Sent Access-Challenge Id 96 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(6) EAP-Message = 0x010200061920
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x4cc7d48a4dc5cd402157ab210e499381
(6) Finished request
Waking up in 4.9 seconds.
(7) Received Access-Request Id 97 from 192.168.1.150:1812 to 192.168.1.77:1812 length 337
(7) NAS-IP-Address = 192.168.1.150
(7) NAS-Port = 50006
(7) NAS-Port-Type = Ethernet
(7) User-Name = "anonymous"
(7) Called-Station-Id = "00-19-55-14-71-86"
(7) Calling-Station-Id = "00-0E-CC-01-00-12"
(7) Service-Type = Framed-User
(7) Framed-MTU = 1500
(7) State = 0x4cc7d48a4dc5cd402157ab210e499381
(7) EAP-Message = 0x020200c81980000000be16030100b9010000b50303cf55ef6b065e75187d44a00b78abdd5a9ee6ee2df1619e75404464ed71f1fe10000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
(7) Message-Authenticator = 0x21101c165e65a656d50272c5b281668d
(7) session-state: No cached attributes
(7) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ /@\./) {
(7) if (&User-Name =~ /@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 2 length 200
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) authenticate {
(7) eap: Expiring EAP session with state 0x4cc7d48a4dc5cd40
(7) eap: Finished EAP session with state 0x4cc7d48a4dc5cd40
(7) eap: Previous EAP request found for state 0x4cc7d48a4dc5cd40, released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: Peer indicated complete TLS record size will be 190 bytes
(7) eap_peap: Got complete TLS record (190 bytes)
(7) eap_peap: [eaptls verify] = length included
(7) eap_peap: (other): before SSL initialization
(7) eap_peap: TLS_accept: before SSL initialization
(7) eap_peap: TLS_accept: before SSL initialization
(7) eap_peap: <<< recv TLS 1.3 [length 00b9]
(7) eap_peap: TLS_accept: SSLv3/TLS read client hello
(7) eap_peap: >>> send TLS 1.2 [length 003d]
(7) eap_peap: TLS_accept: SSLv3/TLS write server hello
(7) eap_peap: >>> send TLS 1.2 [length 02de]
(7) eap_peap: TLS_accept: SSLv3/TLS write certificate
(7) eap_peap: >>> send TLS 1.2 [length 014d]
(7) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(7) eap_peap: >>> send TLS 1.2 [length 0004]
(7) eap_peap: TLS_accept: SSLv3/TLS write server done
(7) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server done
(7) eap_peap: TLS - In Handshake Phase
(7) eap_peap: TLS - got 1152 bytes of data
(7) eap_peap: [eaptls process] = handled
(7) eap: Sending EAP Request (code 1) ID 3 length 1004
(7) eap: EAP session adding &reply:State = 0x4cc7d48a4ec4cd40
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(7) Challenge { ... } # empty sub-section is ignored
(7) Sent Access-Challenge Id 97 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(7) EAP-Message = 0x010303ec19c000000480160303003d020000390303a74cffbf343fd7c8b109ec3ea47ccc50fbb5149af11b6a32ca56d993ea01a8c900c030000011ff01000100000b0004030001020017000016030302de0b0002da0002d70002d4308202d0308201b8a003020102021419d6f93d1218741c7f2fa6ede241a78132b401ac300d06092a864886f70d01010b05003011310f300d06035504030c067562756e7475301e170d3232303132363031313931335a170d3332303132343031313931335a3011310f300d06035504030c067562756e747530820122300d06092a864886f70d01010105000382010f003082010a0282010100d656ad371181abcd6dc6f07509488dc77d22f6155af16aa35c5309c976fa9420fb38f8b8cbc39a1c2bb7eb1feabd7b240773e067e3b5549ffa3f5824a69b1b7784c8f4e63aa63a1cf9749dbc3bc5501053c57cb0a2e259cc980310d47f32f306a6606828c81f64df02505498228575742e23311a7b600705c40465800fe7b8ad76d948
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x4cc7d48a4ec4cd402157ab210e499381
(7) Finished request
Waking up in 4.9 seconds.
(8) Received Access-Request Id 98 from 192.168.1.150:1812 to 192.168.1.77:1812 length 143
(8) NAS-IP-Address = 192.168.1.150
(8) NAS-Port = 50006
(8) NAS-Port-Type = Ethernet
(8) User-Name = "anonymous"
(8) Called-Station-Id = "00-19-55-14-71-86"
(8) Calling-Station-Id = "00-0E-CC-01-00-12"
(8) Service-Type = Framed-User
(8) Framed-MTU = 1500
(8) State = 0x4cc7d48a4ec4cd402157ab210e499381
(8) EAP-Message = 0x020300061900
(8) Message-Authenticator = 0xb07b3ba30bd185c45325c3cbd8c40fdb
(8) session-state: No cached attributes
(8) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ /@\./) {
(8) if (&User-Name =~ /@\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 3 length 6
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(8) authenticate {
(8) eap: Expiring EAP session with state 0x4cc7d48a4ec4cd40
(8) eap: Finished EAP session with state 0x4cc7d48a4ec4cd40
(8) eap: Previous EAP request found for state 0x4cc7d48a4ec4cd40, released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: Peer ACKed our handshake fragment
(8) eap_peap: [eaptls verify] = request
(8) eap_peap: [eaptls process] = handled
(8) eap: Sending EAP Request (code 1) ID 4 length 164
(8) eap: EAP session adding &reply:State = 0x4cc7d48a4fc3cd40
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(8) Challenge { ... } # empty sub-section is ignored
(8) Sent Access-Challenge Id 98 from 192.168.1.77:1812 to 192.168.1.150:1812 length 0
(8) EAP-Message = 0x010400a41900c352a5a55dc2ef5120ad94b21b7f13f48a2a0700d2267ad9686e4a0172d1de5157bb1ba0cd637466cdb079b9dcb60ff10f72686dd9c5a12d0ecfafdb4e1da0ccddc99fdff5eaf7f4a069e9f93bf10dcd4e90b13060ce5356ba7ebaf57a6f65f2bdcc2420a76d757d62e0c68016fac9fd9b511c8a01ec5ee2386b32f90bf900501e40fcc9b069dfc900a79eb8d43d3232129ec917b816030300040e000000
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x4cc7d48a4fc3cd402157ab210e499381
(8) Finished request
Waking up in 4.9 seconds.
(9) Received Access-Request Id 99 from 192.168.1.150:1812 to 192.168.1.77:1812 length 154
(9) NAS-IP-Address = 192.168.1.150
(9) NAS-Port = 50006
(9) NAS-Port-Type = Ethernet
(9) User-Name = "anonymous"
(9) Called-Station-Id = "00-19-55-14-71-86"
(9) Calling-Station-Id = "00-0E-CC-01-00-12"
(9) Service-Type = Framed-User
(9) Framed-MTU = 1500
(9) State = 0x4cc7d48a4fc3cd402157ab210e499381
(9) EAP-Message = 0x0204001119800000000715030300020230
(9) Message-Authenticator = 0xb989e88f0ff2acc6ccbde00cbd9deb8a
(9) session-state: No cached attributes
(9) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ /@\./) {
(9) if (&User-Name =~ /@\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 4 length 17
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(9) authenticate {
(9) eap: Expiring EAP session with state 0x4cc7d48a4fc3cd40
(9) eap: Finished EAP session with state 0x4cc7d48a4fc3cd40
(9) eap: Previous EAP request found for state 0x4cc7d48a4fc3cd40, released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: Continuing EAP-TLS
(9) eap_peap: Peer indicated complete TLS record size will be 7 bytes
(9) eap_peap: Got complete TLS record (7 bytes)
(9) eap_peap: [eaptls verify] = length included
(9) eap_peap: <<< recv TLS 1.2 [length 0002]
(9) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
(9) eap_peap: TLS_accept: Need to read more data: error
(9) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
(9) eap_peap: TLS - In Handshake Phase
(9) eap_peap: TLS - Application data.
(9) eap_peap: ERROR: TLS failed during operation
(9) eap_peap: ERROR: [eaptls process] = fail
(9) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
(9) eap: Sending EAP Failure (code 4) ID 4 length 4
(9) eap: Failed in EAP select
(9) [eap] = invalid
(9) } # authenticate = invalid
(9) Failed to authenticate the user
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(9) Post-Auth-Type REJECT {
(9) attr_filter.access_reject: EXPAND %{User-Name}
(9) attr_filter.access_reject: --> anonymous
(9) attr_filter.access_reject: Matched entry DEFAULT at line 11
(9) [attr_filter.access_reject] = updated
(9) [eap] = noop
(9) policy remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message) {
(9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(9) else {
(9) [noop] = noop
(9) } # else = noop
(9) } # policy remove_reply_message_if_eap = noop
(9) } # Post-Auth-Type REJECT = updated
(9) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(9) Sending delayed response
(9) Sent Access-Reject Id 99 from 192.168.1.77:1812 to 192.168.1.150:1812 length 44
(9) EAP-Message = 0x04040004
(9) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
(5) Cleaning up request packet ID 95 with timestamp +891
(6) Cleaning up request packet ID 96 with timestamp +891
(7) Cleaning up request packet ID 97 with timestamp +891
(8) Cleaning up request packet ID 98 with timestamp +891
(9) Cleaning up request packet ID 99 with timestamp +891
Ready to process requests
_____________________________________________________
CA.CNF:
prompt = no
distinguished_name = certificate_authority
default_bits = 2048
input_password = whatever
output_password = whatever
x509_extensions = v3_ca
[certificate_authority]
countryName = US
stateOrProvinceName = WI
localityName = Waukesha
organizationName = Company
emailAddress = support at example.org
commonName = "Certificate Authority"
____________________________________________________
SERVER.CNF:
prompt = no
distinguished_name = server
default_bits = 2048
input_password = whatever
output_password = whatever
req_extensions = v3_req
[server]
countryName = US
stateOrProvinceName = WI
localityName = Waukesha
organizationName = Company
emailAddress = support at example.org
commonName = "Server Certificate"
_______________________________________________________
CLIENT.CNF:
prompt = no
distinguished_name = client
default_bits = 2048
input_password = hello
output_password = hello
[client]
countryName = US
stateOrProvinceName = WI
localityName = Waukesha
organizationName = OpenText Corp
emailAddress = support at example.org
commonName = support at example.org
_________________________________________________________
NAS info:
Switch# show run | in 192.168.1
ip address 192.168.1.150 255.255.255.0
ip default-gateway 192.168.1.1
radius-server host 192.168.1.77 auth-port 1812 acct-port 1813 key testing123
More information about the Freeradius-Users
mailing list