Wiedemann, Joerg wrote: > I got a little further in using eapol_test. Now the radius server > reports the following.
There is a lot... but reading it for "error" and "failure" doesn't hurt, either. ... > [tls] <<< TLS 1.0 Handshake [length 0382], Certificate > --> verify error:num=20:unable to get local issuer certificate > [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca > TLS Alert write:fatal:unknown CA > TLS_accept:error in SSLv3 read client certificate B > rlm_eap: SSL error error:140890B2:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned > SSL: SSL_read failed in a system call (-1), TLS session fails. > TLS receive handshake failed during operation > [tls] eaptls_process returned 4 > [eap] Handler failed in EAP/tls > [eap] Failed in EAP select > ++[eap] returns invalid > Failed to authenticate the user. The certs you are using are wrong or non-existent. Follow the guide on http://deployingradius.com to get EAP working. There is also an EAP-TLS "howto" on freeradius.org, and on the wiki. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
