The TLS phase of the authentication is occuring inside the device. The device only trusts server certificates issued by the WiMAX Forum CA. This might explain why the authentication is failing. Could you pl post the supplicant.log which should provide additional info to confirm. It would be located in the var/log/wimax of the install-prefix folder you used during configure. Unfortunately at this time, it is not easily possible to allow the device to use TLS implementation on the host (in the Supplicant) which could then be configured to allow trusting CA certificates of your choice as you were attempting in this case.
regards, jayant --------------------------------------------------------- From: Fergal Cassidy [mailto:[email protected]] Sent: Tuesday, March 17, 2009 6:39 AM To: linux-wimax Subject: WiMAX Network Service 1.4.0 I am doing some testing of the 5150 Cpe with Motorola base stations and we are using a AAA server with EAP-TTLS authentication. I understand that the EAP-TTLS authentication sequence is as follows - AAA sends certificate to device - device checks this against a locally stored root certificate - device sends (MS-CHAPv2) username/password to the AAA - AAA verifies username/password - authentication complete We are getting the Certificate Rejected message from the supplicant interface code of the wimaxd. I attach the xml configuration and the certificates that we are using. Would it be possible to verify why these certificates are being rejected. Regards Fergal Cassidy Nomad Digitial _______________________________________________ wimax mailing list [email protected] http://www.linuxwimax.org/mailman/listinfo/wimax
