Hi, > The complete certification path is installed on the client. The client > don't have an extra client certificate, server certificate check is > turned off in wireless settings.
Turned off? Thanks, that's a new piece of info! That would hint towards a different problem indeed. > Original radius works fine, with both SSIDs, new radius does not. > So what's wrong? The debug output still points towards: the client doesn't want to speak to the server after starting the EAP conversation. If it's not a certificate problem, something else is different between the two RADIUS servers. What did you do after cloning the VM? Did you upgrade FreeRADIUS from an older version maybe? It would certainly help if you could post the debug output of the old server vs. the new one; for the EAP conversation in its entirety, not just the last packet exchange. If you positively want to rule out that the certificate change was the problem, you could, if your CA's policy allows, install the old server's certificate on the new instance. For IEEE 802.1X, there is no requirement that DNS names and CN/subjectAltNames match. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html