[email protected] wrote: > Freeradius is 2.x on a Debian 5.0. My first attempt was with MD5, which > works without any problem. > Next step is TLS, which works at 50%. Well, the client authentication of TLS > works, but when I configure to do a server authentication within the IP > phone´s setup, it fails. ... > ============================================================================================================================= > As soon as I enable "Server Authentication" wthin the IP phone, it fails: > ============================================================================================================================= > > > Going to the next request > Ready to process requests. > rad_recv: Access-Request packet from host 192.168.10.130 port 1812, id=146, > length=336
EAP Identity... > Sending Access-Challenge of id 146 to 192.168.10.130 port 1812 > Framed-Protocol = PPP > Framed-Compression = Van-Jacobson-TCP-IP > EAP-Message = 0x011800060d20 Starting EAP-TLS... > rad_recv: Access-Request packet from host 192.168.10.130 port 1812, id=147, > length=343 ... > EAP-Message = 0x02180006030d Ugh. > [eap] ERROR! Our request for tls was NAK'd with a request for tls. Skipping > the requested type. Yup. > Well, what´s going wrong? The client is badly written. It shouldn't NAK tls with a request for TLS. The likely cause is that the client (for some unknown reason) doesn't like the server certificate. I would suggest trying with different certificates, and possibly different EAP types. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
