Hello Tobias,
Le 20-07-26 à 10 h 06, Juraj Tobias via PacketFence-users a écrit :
trying to get EAP-TLS with the new integrated PKI working, but run
into problems with actual provisioning on the client computer - on
registration wifi all works fine, user (after successfull auth) gets
the password and link for the windows agent, however, upon clicking
the "Configure" button, an error message appears: "Unable to retrieve
your profile file, please contact your local support".
I will need to see the logs.
I have a hunch this has something to do with adding the PKI-generated
radius SSL cert to the RADIUS' configuration (not sure if/why this
doesn't happen automatically?), as suggested in the installation
manual, however, the steps described there are very unclear (actually,
there's just a mention not to forget to add it to the config, but the
steps how to do that are missing altogetger) - I tried to do it via
'System configuration -> RADIUS -> SSL certificates', however, the
"New SSL certificate" form requires me to provide an Intermediate CA,
which simply doesn't exist in the integrated PKI's generated CA.
does anyone please know, if:
1. adding the CA's cert is actually needed?
Yes, it's not yet automatic but you need to copy the ca cert in
Configuration -> SSL -> Radius.
1. what does the error message mean?
wrong profile maybe or dns issue.
1. where on the server should I be looking for the generated XMLs?
from the laptop itself you can go to https://lost.com//profile.xml
or can anyone point me somewhere where I could find some more info?
thanks a lot!
j.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users