检查一下时间系统,要求在证书的有效期内 CA的事情有点难说,你再检查下配置
On Thu, May 13, 2010 at 10:53 AM, Zheng, Jiajia <jiajia.zh...@intel.com>wrote: > Alan DeKok wrote: > > Zheng, Jiajia wrote: > >>> 11. EAP-TLS failed, see the attached tls.log for the output of > >>> radiusd Could you help me out on this issue? > > > > Paste the debug output into the "self-help" form at: > > > > http://networkradius.com/freeradius.html > > > > Look for red text. > > > >>> Is there anything I did wrong? Let me know if you need more > >>> debugging info. > > > > The debug log already shows everything you need to know. > > > > The CA used by the client is *not* the same as the CA used by the > > server. > > > Yes, from the debug log, we can tell that the CA is wrong. > But as I mentioned that the same CA works fine with EAP-TTLS. Why it goes > wrong with EAP-TLS? > Here is my configure file for EAP-TTLS which works. > WPA_EAP_TTLS_CHAP.conf > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > network={ > ssid="ASUS-2.4G" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=TTLS > identity="root" > password="wireless" > ca_cert="./ca.pem" > phase2="auth=CHAP" > } > Here is my configure file for EAP-TLS which fails authentication. > WPA_EAP_TLS.conf > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > network={ > ssid="ASUS-2.4G" > scan_ssid=1 > key_mgmt=WPA-EAP > eap=TLS > identity="root" > ca_cert="./ca.pem" > client_cert="./client.pem" > private_key="./client.pem" > private_key_passwd="whatever" > } > > The client.pem used by client was also copied from server. > Is there anything wrong with my configure file? I also attached the *.pem. > > Thanks, > jiajia > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html