Hi,
 
I am trying to authenticate my Windows XP supplicant by using EAP-TLS.
 
During the authentication process I see the following errors in my radius server log.
 
Thu Aug  5 17:42:48 2004 : Error: rlm_eap_tls: conf N ctx stored
Thu Aug  5 17:42:48 2004 : Info: Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Thu Aug  5 17:42:48 2004 : Info: Ready to process requests.
Thu Aug  5 17:43:52 2004 : Info: rlm_eap_tls:  Length Included
Thu Aug  5 17:43:52 2004 : Info: undefined: before/accept initialization
Thu Aug  5 17:43:52 2004 : Info: TLS_accept: before/accept initialization
Thu Aug  5 17:43:52 2004 : Info: TLS_accept: SSLv3 read client hello A
Thu Aug  5 17:43:52 2004 : Info: TLS_accept: SSLv3 write server hello A
Thu Aug  5 17:43:52 2004 : Info: TLS_accept: SSLv3 write certificate A
Thu Aug  5 17:43:52 2004 : Info: TLS_accept: SSLv3 write certificate request A
Thu Aug  5 17:43:52 2004 : Info: TLS_accept: SSLv3 flush data
Thu Aug  5 17:43:52 2004 : Error: TLS_accept:error in SSLv3 read client certificate A
Thu Aug  5 17:43:52 2004 : Info: rlm_eap_tls: SSL_read Error
Thu Aug  5 17:43:52 2004 : Error:  Error code is ..... 2
Thu Aug  5 17:43:52 2004 : Error:  SSL Error ..... 2
 
The entries of my radius.conf are:

                ## EAP-TLS is highly experimental EAP-Type at the moment.
                #       Please give feedback on the mailing list.
                #tls {
                #       private_key_password = password
                #       private_key_file = /path/filename
                    tls{
                        private_key_password = try123
                        private_key_file = /home/rusra/chlrs/radius.pem
                        #changed on 7.7
                        #  If Private key & Certificate are located in
                        #  the same file, then private_key_file &
                        #  certificate_file must contain the same file
                        #  name.
                #       certificate_file = /path/filename
                        certificate_file = /home/rusra/chlrs/srv-crt.pem #changed on 7.7
                        #  Trusted Root CA list
                #       CA_file = /path/filename
                        CA_file = /home/rusra/chlrs/cacert.pem #changed on 7.7
                #       dh_file = /path/filename
                #       random_file = /path/filename
                        dh_file = /home/rusra/certs/dh
                        random_file = /home/rusra/certs/random #changed on 7.7
                        #
                        #  This can never exceed the size of a RADIUS
                        #  packet (4096 bytes), and is preferably half
                        #  that, to accommodate other attributes in
                        #  RADIUS packet.  On most APs the MAX packet
                        #  length is configured between 1500 - 1600
                        #  In these cases, fragment size should be
                        #  1024 or less.
                        #
                #               fragment_size = 1024
                                fragment_size = 1750
                        }
                                 #end tls
Does anybody have any idea why the server is unable to read the client certificate?
 
Regards,
Raza.
 
