Hi Phil

on 02.11.2012 16:10, Phil Mayers wrote:
> On 02/11/12 14:56, Erich Titl wrote:
>
>> authenticating against a MySQL database appears to work fine using
>> radtest
>
> This is not really a good test. radtest is sending "pap".
>
> Download the "wpa_supplicant" sources and compile "eapol_test".
>
>> I connected a ZyXEL NWA 3160-N (latest Firmware), generated a
>> certificate request, signed it using XCA and reimported it on the AP.
>
> Why does the AP need a cert?

IMHO it does not, but it has one

>
>> [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
>> TLS Alert read:fatal:unknown CA
>> TLS_accept: failed in SSLv3 read client certificate A
>> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>> alert unknown ca
>> .....
>>
>> There appears to be something wrong with the client certificate passed
>> by the AP in the eap conversation. I double-checked the certificates and
>> googled my fingers raw on this.
>
> No. This is a message *from* the client saying it doesn't trust the
> *radius server* certificate.

Ahhhh... very interesting, so the client rejects the certificate

>
> You haven't imported your CA on the client properly.
>

Mhhhh.... sounds reasonable, just that the AP does not appear to want to
import the CA cert, because it wants a corresponding cert request.

Thanks a lot, this appears to be just the push that I needed.

Erich
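The point Phil makes above, as an added example (not code from the thread or from FreeRADIUS): a small Python triage helper that reads debug lines of the shape quoted here and reports which side sent the TLS alert. The sample log is constructed, and treating "write" and ">>>" as server-sent is an assumption, since only "read" and "<<<" appear in the thread.

```python
import re

# Constructed sample, modelled on the debug lines quoted in the thread.
SAMPLE_LOG = """\
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept: failed in SSLv3 read client certificate A
"""

# "read" / "<<<" = alert received by the server, i.e. sent by the client
# (as Phil explains). "write" / ">>>" as the opposite direction is an
# assumption; neither appears in the thread.
INFO_RE = re.compile(r"TLS Alert (read|write):(warning|fatal):(.+)")
MSG_RE = re.compile(
    r"(<<<|>>>) TLS [\d.]+ Alert \[length [0-9a-fA-F]+\], (warning|fatal) (\S+)"
)
FROM_CLIENT = {"read", "<<<"}


def classify_alerts(log_text):
    """Return (sender, level, description) for every TLS alert line."""
    findings = []
    for line in log_text.splitlines():
        m = INFO_RE.search(line) or MSG_RE.search(line)
        if not m:
            continue
        sender = "client" if m.group(1) in FROM_CLIENT else "server"
        # Normalise "unknown CA" and "unknown_ca" to one spelling.
        desc = m.group(3).strip().lower().replace(" ", "_")
        findings.append((sender, m.group(2), desc))
    return findings


def diagnose(finding):
    """Map one alert to the side whose trust store needs attention."""
    sender, _level, desc = finding
    if desc != "unknown_ca":
        return "not a CA trust problem: " + desc
    if sender == "client":
        return ("client does not trust the RADIUS server certificate; "
                "import the issuing CA on the client")
    return ("server does not trust the client certificate; "
            "check the CA configured on the server")


if __name__ == "__main__":
    for f in classify_alerts(SAMPLE_LOG):
        print(f, "->", diagnose(f))
```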

