thx, Fabrice, pls see replies in the text

________________________________
From: Durand fabrice via PacketFence-users 
<packetfence-users@lists.sourceforge.net>
Sent: Tuesday, July 28, 2020 04:41
To: packetfence-users@lists.sourceforge.net 
<packetfence-users@lists.sourceforge.net>
Cc: Durand fabrice <fdur...@inverse.ca>
Subject: Re: [PacketFence-users] EAP-TLS with integrated PKI - "Unable to 
retrieve your profile file"


Hello Tobias,

Le 20-07-26 à 10 h 06, Juraj Tobias via PacketFence-users a écrit :
trying to get EAP-TLS with the new integrated PKI working, but run into 
problems with actual provisioning on the client computer - on registration wifi 
all works fine, user (after successfull auth) gets the password and link for 
the windows agent, however, upon clicking the "Configure" button, an error 
message appears: "Unable to retrieve your profile file, please contact your 
local support".
I will need to see the logs.
I'd check myself, however, there are many, didn't see anything useful in those 
I checked, so if I could get the name of the log files to check, i'll gladly 
provide.

I have a hunch this has something to do with adding the PKI-generated radius 
SSL cert to the RADIUS' configuration (not sure if/why this doesn't happen 
automatically?), as suggested in the installation manual, however, the steps 
described there are very unclear (actually, there's just a mention not to 
forget to add it to the config, but the steps how to do that are missing 
altogetger) - I tried to do it via 'System configuration -> RADIUS -> SSL 
certificates', however, the "New SSL certificate" form requires me to provide 
an Intermediate CA, which simply doesn't exist in the integrated PKI's 
generated CA.

does anyone please know, if:

  1.  adding the CA's cert is actually needed?

Yes, it's not yet automatic but you need to copy the ca cert in Configuration 
-> SSL -> Radius.
this one is a bit confusing. there are 2 nodes you might be referring to: 1: 
System Configuration > SSL Certificates > RADIUS, OR 2: System Configuration > 
RADIUS > SSL Certificates. which one do you have in mind?

  1.  what does the error message mean?

wrong profile maybe or dns issue.

  1.  where on the server should I be looking for the generated XMLs?

from the laptop itself you can go to https://lost.com//profile.xml
not sure the url didn't get scrambled - are there supposed to be 2x slash, or 
it's just https://<my-packetfence-host>/profile.xml ?
or can anyone point me somewhere where I could find some more info?

thanks a lot!
j.




_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to