hi Paul

> Well, I took the openssl-0.9.7 release initially, it's no beta anymore
> :-) I tried an OpenSSL-snapshot this time,

ok, i don't follow it very exactly. so you say that 0.9.7 isn't enough, right? you still need the newest snapshot, did i get it correctly? see below.

> TLS_accept: SSLv3 write certificate request A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
> Error code is ..... 2
> SSL Error ..... 2
> modcall[authenticate]: module "eap" returns ok

that's normal, it's not a problem. this message means that SSL can't read its buffers, simply because it's not complete at this point of time. this message is not critical, since ssl retries later.

> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request not found in the list
> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
> EAP-request
> modcall[authenticate]: module "eap" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
>
>------------------------------------------------------------------------------------------
>
> Hmm, I'll try to create new certificates, maybe there is something wrong
> with the DN I supplied. The DN of the root is the hostname of the Radius
> server, as is the DN of the Radius-server certificate itself. The client
> just has the username as DN; the other parameters are kept the same.

try without server authentication first. (you can modify it on your client side). i think that the DN of the root certificate (you mean CA autosigned certificate, right?) doesn't play any role as long as it is installed at both your client and server under "known authorities" (root.pem under FR)

why are you getting this late/unknown response?

ciao
artur

--
Artur Hecker
artur[at]hecker.info

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
