>
> My /etc/raddb/eap.conf :
>
> eap {
> default_eap_type = tls
> timer_expire = 60
> ignore_unknown_eap_types = no
> cisco_accounting_username_bug = no
> tls {
> private_key_password = whatever
> private_key_file = ${raddbdir}/certs/sggs.pem
> certificate_file = ${raddbdir}/certs/sggs.pem
> CA_file = ${raddbdir}/certs/root.pem
> dh_file = ${raddbdir}/certs/dh # I generated these two using date > filename
> random_file = ${raddbdir}/certs/random
> fragment_size = 1750
> include_length = yes
> }
> mschapv2 {
> }
> }
>
> My /etc/raddb/users :
>
> "client1" Auth-Type := EAP
>
> "testing123" Auth-Type := Local, User-Password == "testing123"
> #The rest of the file was untouched :
>
> The contents of /etc/xsupplicant.conf :
>
> network_list=sggsathome,caenwireless #(let us ignore the second one for the moment)
> default_netname=sggsathome
> startup_command=<BEGIN_COMMAND>echo "XSupplicant initiated"<END_COMMAND>
> first_auth_command=<BEGIN_COMMAND>/sbin/dhclient %i<END_COMMAND>
> reauth_command=<BEGIN_COMMAND>echo "authenticated user %i"<END_COMMAND>
> logfile=/var/log/xsupplicant.log
> allow_interfaces = eth1
> deny_interfaces = lo,eth0
>
> sggsathome{
> allow_types=eap_tls
> identity=<BEGIN_ID>client1<END_ID>
> eap_tls{
> user_cert=/etc/1x/certs/client1.der
> user_key=/etc/1x/client1.pem
> #user_key_pass=<BEGIN_PASS>password for key<END_PASS> # Commented out. A
> # little confused here - is it "whatever" (as in CA.*), or the other
> # password I used to generate the certificates? This is not included in
> # /etc/1x.conf of the howto I listed above
You have to use "whatever" only if you use the freeradius testing certificate;
otherwise you have to put the password for the private key of your certificate.
> root_cert=/etc/1x/certs/root.pem
> chunk_size=1750
> random_file=/etc/1x/random # generated using date > filename
> }
> }
> <another network (caenwireless defined here - but it is not relevant)
>
> It does not seem that the file /etc/1x/1x.conf is used, but I created it
> anyways to cover the risk :
I'm using the same config as you, and I don't create this 1x.conf; all is
in xsupplicant.conf.
The HOWTO is very old and maybe it's for an older xsupplicant.
> #/usr/local/xsupplicant/sbin/xsupplicant eth1
> Starting XSupplicant!
> Interface eth1 initialized!
> An error occured binding to socket. (Error : Addresss already in use)
> Couldn't initialize daemon socket!
>
Here's my xsupplicant.conf with freeradius certificate test files (it works
very fine):
network_list = all
#network_list = default, test1, test2, all
default_netname = mynetwork
#default_netname = my_defaults
logfile = /var/log/xsupplicant.log
allow_interfaces = eth1
deny_interfaces = eth0, lo
mynetwork
{
allow_type = all
identity = <BEGIN_ID>radiustestor<END_ID>
eap_tls {
user_cert = /usr/local/certs/cert-clt.pem
user_key = /usr/local/certs/cert-clt.pem
user_key_pass = <BEGIN_PASS>whatever<END_PASS>
root_cert = /usr/local/certs/root.pem
}
}
To debug more efficiently, you should clean up your freeradius and
xsupplicant config files and just leave what you need.
Hope that helps you.
Fred
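
Added example, not part of the original message or of xsupplicant: a small check that reports an eap_tls block whose user_key file is passphrase-protected while user_key_pass is unset, the situation discussed in the reply above. The function names and the read_key callback are hypothetical, the parser assumes only the brace and key=value layout shown in this thread, and the sample config and PEM text are constructed; it does not test whether a given passphrase is the right one.

```python
import re

# Constructed sample modelled on the quoted network block (pass commented out).
SAMPLE_CONF = """\
sggsathome{
  identity=<BEGIN_ID>client1<END_ID>
  eap_tls{
    user_key=/etc/1x/client1.pem
    #user_key_pass=<BEGIN_PASS>password for key<END_PASS>
    root_cert=/etc/1x/certs/root.pem  # inline comment
  }
}
"""
# Constructed PEM text: only the header markers matter, the body is not a key.
ENCRYPTED_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQ09OU1RSVUNURUQ=\n"
                 "-----END RSA PRIVATE KEY-----\n")
TAGGED = re.compile(r"<BEGIN_(\w+)>(.*?)<END_\1>")

def eap_tls_settings(conf_text):
    """Return {network: {key: value}} for every eap_tls block in the config."""
    out, stack, prev = {}, [], ""
    for raw in conf_text.splitlines():
        # Cut '#' comments, ignoring any '#' inside <BEGIN_x>...<END_x>.
        masked = TAGGED.sub(lambda m: "x" * len(m.group(0)), raw)
        line = (raw[:masked.find("#")] if "#" in masked else raw).strip()
        if line.endswith("{"):              # "name{" or "{" on its own line
            stack.append(line[:-1].strip() or prev)
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line and stack[1:] == ["eap_tls"]:
            key, value = (s.strip() for s in line.split("=", 1))
            tagged = TAGGED.fullmatch(value)
            out.setdefault(stack[0], {})[key] = tagged.group(2) if tagged else value
        prev = line or prev
    return out

def key_is_encrypted(pem_text):
    """True for PKCS#8 encrypted keys and traditional encrypted PEM keys."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)

def missing_passphrases(conf_text, read_key):
    """List networks whose user_key is encrypted but has no user_key_pass."""
    return [net for net, s in eap_tls_settings(conf_text).items()
            if "user_key" in s and key_is_encrypted(read_key(s["user_key"]))
            and not s.get("user_key_pass")]

if __name__ == "__main__":
    print(missing_passphrases(SAMPLE_CONF, lambda path: ENCRYPTED_PEM))
```

On a real host, pass a read_key callback that opens the path and returns the file's text.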