thx, Fabrice, pls see replies in the text ________________________________ From: Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Tuesday, July 28, 2020 04:41 To: packetfence-users@lists.sourceforge.net <packetfence-users@lists.sourceforge.net> Cc: Durand fabrice <fdur...@inverse.ca> Subject: Re: [PacketFence-users] EAP-TLS with integrated PKI - "Unable to retrieve your profile file"
Hello Tobias, Le 20-07-26 à 10 h 06, Juraj Tobias via PacketFence-users a écrit : trying to get EAP-TLS with the new integrated PKI working, but run into problems with actual provisioning on the client computer - on registration wifi all works fine, user (after successfull auth) gets the password and link for the windows agent, however, upon clicking the "Configure" button, an error message appears: "Unable to retrieve your profile file, please contact your local support". I will need to see the logs. I'd check myself, however, there are many, didn't see anything useful in those I checked, so if I could get the name of the log files to check, i'll gladly provide. I have a hunch this has something to do with adding the PKI-generated radius SSL cert to the RADIUS' configuration (not sure if/why this doesn't happen automatically?), as suggested in the installation manual, however, the steps described there are very unclear (actually, there's just a mention not to forget to add it to the config, but the steps how to do that are missing altogetger) - I tried to do it via 'System configuration -> RADIUS -> SSL certificates', however, the "New SSL certificate" form requires me to provide an Intermediate CA, which simply doesn't exist in the integrated PKI's generated CA. does anyone please know, if: 1. adding the CA's cert is actually needed? Yes, it's not yet automatic but you need to copy the ca cert in Configuration -> SSL -> Radius. this one is a bit confusing. there are 2 nodes you might be referring to: 1: System Configuration > SSL Certificates > RADIUS, OR 2: System Configuration > RADIUS > SSL Certificates. which one do you have in mind? 1. what does the error message mean? wrong profile maybe or dns issue. 1. where on the server should I be looking for the generated XMLs? from the laptop itself you can go to https://lost.com//profile.xml not sure the url didn't get scrambled - are there supposed to be 2x slash, or it's just https://<my-packetfence-host>/profile.xml ? or can anyone point me somewhere where I could find some more info? thanks a lot! j. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users