I was having the same message (rlm_eap_tls: Requiring client certificate)
because there was a mistake in eap.conf.
Look at the "default_eap_type = ttls" line under "eap {" or "tls {" (not sure
of the right place because I have a similar problem to yours now)
eap {
        default_eap_type = ttls
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        # Supported EAP-types
        md5 {
        }
        # EAP-TLS
        tls {
                # default_eap_type = ttls
                private_key_password = astronomie
EAP-TTLS has two phases: one to establish the tunnel (the server sends its
certificate), the second to authenticate the client (it sends the encrypted
username/password).
Hope this helps you (otherwise, contact me directly in French: david.roumanet $
grenet.fr)
David
Maurice.Bourguel wrote:
Hello all,
I'm using freeradius-1.0.2 with a Cisco ap1100 access point; I'm
using eap/ttls to authenticate users.
I try to connect with XP clients or Mac OS X clients; all go wrong.
When using the Mac OS X client and 802.1X setup (TTLS authentication alone
with PAP as TTLS inner authentication), the Mac OS X client obtains the two
certificates: authoritative and server. But it is not connecting. It loops
on the authentication process.
Here is the trace from /usr/local/sbin/radiusd -X -A:
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 127 to 139.124.3.235:21661
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x37a760f21d2a0b8d0fdd492ccd5e7d17
Finished request 2
Going to the next request
--- Walking the entire request list ---
What does this mean:
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 2
How should I fix this?
Any help will be appreciated.
I have configured freeradius and openssl using these articles:
http://www.alphacore.net/spip/article.php3?id_article=45
http://www.alphacore.net/spip/article.php3?id_article=33
http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html
Regards,
Maurice
***********************************************************
* e-mail : [EMAIL PROTECTED] *
----------------------------------------------------------
* Maurice Bourguel + *
* CIRM - MENRT-CNRS-SMF + *
* case 916, 163 Avenue de Luminy + tel (33) 04 91 83 30 23*
* 13288 Marseille Cedex 9 + fax (33) 04 91 83 30 05*
***********************************************************
*http://www.cirm.univ-mrs.fr *
***********************************************************
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html