That comes later! :) --Guy
On 5 Mar 2011, at 17:56, Luke Hammond wrote: > Ahh ok. thanks. THought you were talking about a captive portal. > > On 5/03/2011 2:39 PM, Guy wrote: >> it wasn't Freeradius providing the login window, it was OSX... trying to >> logon to the WiFi Network >> >> --Guy >> >> On 5 Mar 2011, at 17:26, Luke Hammond wrote: >> >>> Just a side question, how did you get Freedradius to give you a login >>> window? i tried this and couldn't see how to get it to work.. so had to use >>> another portal for this. >>> >>> >>> On 5/03/2011 2:10 PM, Gary Gatten wrote: >>>> FR just does what its told. I think the settings need to be changed on >>>> your wireless gear. >>>> >>>> ----- Original Message ----- >>>> From: Guy [mailto:g...@britewhite.net] >>>> Sent: Saturday, March 05, 2011 10:46 AM >>>> To: >>>> freeradius-users@lists.freeradius.org<freeradius-users@lists.freeradius.org> >>>> Subject: Freeradius2 and OSX clients no TLS >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> Hi, >>>> >>>> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA Enterprise >>>> 2, and I have it basically working. my iPhone/iPad are able to >>>> authenticate and connect via the base station. However my Mac (OSX 10.6 >>>> Snow leopard) Laptops are having issues. >>>> >>>> I do not want to push out Client certificates to the laptops. I also do >>>> not want people to have to perform any customisations on the clients. >>>> >>>> When the laptop attempts to join the network I get a nice login window, >>>> with username/password. This is fine. However without playing with the >>>> network settings (802.1x settings). I'm not able to join the network >>>> because I do not have a client Cert: >>>> >>>> Sat Mar 5 16:21:28 2011 : Error: --> verify error:num=19:self signed >>>> certificate in certificate chain >>>> Sat Mar 5 16:21:28 2011 : Error: TLS Alert write:fatal:unknown CA >>>> Sat Mar 5 16:21:28 2011 : Error: TLS_accept:error in SSLv3 read >>>> client certificate B >>>> Sat Mar 5 16:21:28 2011 : Error: rlm_eap: SSL error error:140890B2:SSL >>>> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned >>>> Sat Mar 5 16:21:28 2011 : Error: SSL: SSL_read failed in a system call >>>> (-1), TLS session fails. >>>> Sat Mar 5 16:21:28 2011 : Auth: Login incorrect: [guy/<via Auth-Type = >>>> EAP>] (from client extreme port 0 cli 00-19-E3-E1-BA-C5) >>>> >>>> >>>> However if I do change the 802.1x settings on the mac to not try and to >>>> TLS then I'm able to connect just fine. either by PEAP, or TTLS.. >>>> >>>> So finally my question... How can I reconfigure Radius to not try and >>>> offer TLS or if it does offer TLS to not die if a cert is not presented?? >>>> >>>> I have tried some suggestions such as commenting out the CA in the >>>> eap.conf file, but still I fail to pass the TLS. >>>> >>>> Thanks >>>> >>>> - ---Guy >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG/MacGPG2 v2.0.17 (Darwin) >>>> >>>> iEYEARECAAYFAk1yaQcACgkQDc8ue1+sfKEcAQCfYRVtzNb1UcRa9hf+PM3ipToT >>>> zCgAn2TGSTOAjigyWLYwTm4HDcy12l9L >>>> =JyX7 >>>> -----END PGP SIGNATURE----- >>>> >>>> - >>>> List info/subscribe/unsubscribe? See >>>> http://www.freeradius.org/list/users.html >>>> >>>> >>>> >>>> >>>> >>>> <font size="1"> >>>> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in >>>> 0in 1.0pt 0in'> >>>> </div> >>>> "This email is intended to be reviewed by only the intended recipient >>>> and may contain information that is privileged and/or confidential. >>>> If you are not the intended recipient, you are hereby notified that >>>> any review, use, dissemination, disclosure or copying of this email >>>> and its attachments, if any, is strictly prohibited. If you have >>>> received this email in error, please immediately notify the sender by >>>> return email and delete this email from your system." >>>> </font> >>>> >>>> >>>> - >>>> List info/subscribe/unsubscribe? See >>>> http://www.freeradius.org/list/users.html >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
