it wasn't Freeradius providing the login window, it was OSX... trying to logon to the WiFi Network
--Guy On 5 Mar 2011, at 17:26, Luke Hammond wrote: > Just a side question, how did you get Freedradius to give you a login window? > i tried this and couldn't see how to get it to work.. so had to use another > portal for this. > > > On 5/03/2011 2:10 PM, Gary Gatten wrote: >> FR just does what its told. I think the settings need to be changed on your >> wireless gear. >> >> ----- Original Message ----- >> From: Guy [mailto:[email protected]] >> Sent: Saturday, March 05, 2011 10:46 AM >> To: >> [email protected]<[email protected]> >> Subject: Freeradius2 and OSX clients no TLS >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi, >> >> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA Enterprise 2, >> and I have it basically working. my iPhone/iPad are able to authenticate >> and connect via the base station. However my Mac (OSX 10.6 Snow leopard) >> Laptops are having issues. >> >> I do not want to push out Client certificates to the laptops. I also do not >> want people to have to perform any customisations on the clients. >> >> When the laptop attempts to join the network I get a nice login window, with >> username/password. This is fine. However without playing with the network >> settings (802.1x settings). I'm not able to join the network because I do >> not have a client Cert: >> >> Sat Mar 5 16:21:28 2011 : Error: --> verify error:num=19:self signed >> certificate in certificate chain >> Sat Mar 5 16:21:28 2011 : Error: TLS Alert write:fatal:unknown CA >> Sat Mar 5 16:21:28 2011 : Error: TLS_accept:error in SSLv3 read client >> certificate B >> Sat Mar 5 16:21:28 2011 : Error: rlm_eap: SSL error error:140890B2:SSL >> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned >> Sat Mar 5 16:21:28 2011 : Error: SSL: SSL_read failed in a system call >> (-1), TLS session fails. >> Sat Mar 5 16:21:28 2011 : Auth: Login incorrect: [guy/<via Auth-Type = >> EAP>] (from client extreme port 0 cli 00-19-E3-E1-BA-C5) >> >> >> However if I do change the 802.1x settings on the mac to not try and to TLS >> then I'm able to connect just fine. either by PEAP, or TTLS.. >> >> So finally my question... How can I reconfigure Radius to not try and offer >> TLS or if it does offer TLS to not die if a cert is not presented?? >> >> I have tried some suggestions such as commenting out the CA in the eap.conf >> file, but still I fail to pass the TLS. >> >> Thanks >> >> - ---Guy >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG/MacGPG2 v2.0.17 (Darwin) >> >> iEYEARECAAYFAk1yaQcACgkQDc8ue1+sfKEcAQCfYRVtzNb1UcRa9hf+PM3ipToT >> zCgAn2TGSTOAjigyWLYwTm4HDcy12l9L >> =JyX7 >> -----END PGP SIGNATURE----- >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> >> >> >> >> <font size="1"> >> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in >> 0in 1.0pt 0in'> >> </div> >> "This email is intended to be reviewed by only the intended recipient >> and may contain information that is privileged and/or confidential. >> If you are not the intended recipient, you are hereby notified that >> any review, use, dissemination, disclosure or copying of this email >> and its attachments, if any, is strictly prohibited. If you have >> received this email in error, please immediately notify the sender by >> return email and delete this email from your system." >> </font> >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
