I have Cisco Aironet 1100s that I am setting up on a private LAN that go through a firewall to get to the internal LAN. The FreeRadius server is on the internal LAN.
Ok, so what works: I can connect the client (supplicant) to the Wireless G Aironet that authenticates to the FreeRadius server. I can then connect to the VPN (which also authenticates to the Radius server). Everything there is happy.

What does not work: The Aironets use a system called WDS to allow roaming between the access points. I set up one unit to be the primary WDS, and configure a second Aironet to use WDS. The Aironets use the Radius server for authentication, but they are never able to authenticate with the WDS.

What I think I am doing wrong: I believe that I need to activate PEAP for the Cisco Aironets to authenticate. I have tried to set this up per documentation, but I get the following error when I now try to activate the FreeRadius server using "radiusd -A -X", cut to just show the eap module failure:

******************************************
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "(null)"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
9616:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTICATE
9616:error:0200100E:system library:fopen:Bad address:bss_file.c:259:fopen('','r')
9616:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:261:
9616:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:513:
rlm_eap_tls: Error reading certificate file
rlm_eap: Failed to initialize type tls
radiusd.conf[9]: eap: Module instantiation failed.
***************************************************

I have tried to use CA.all to create a certificate, but it gives an error during the certificate creation. I have created a certificate manually using openssl, and moved it into the /usr/local/etc/raddb/certs folders (and demoCA folders), but the server still fails.

I am running RedHat 9, kernel 2.4.20-8smp; openssl-0.9.7a-2; freeradius-0.9.3-1.1.

Does anyone know if PEAP is even needed with the Aironets? If so, is there another howto or other docs I can RTFM to resolve this certificate issue, or do I just need to hack all of the config files, CA.all, etc.? Has anyone got this type of setup working (Cisco Aironets running WDS and FreeRadius)?

Dave

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
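An added example, not part of Dave's post and not FreeRADIUS code: a small Python preflight check that takes the eap "tls" directives as radiusd -X prints them and verifies that every named PEM file exists and contains the block type OpenSSL will look for in it (SSL_CTX_use_certificate_file wants a CERTIFICATE block, the key file a private-key block). The file contents below are constructed placeholders (only the PEM headers matter to the check), and the key-only.pem path is invented for the failure case. Run against the values in the log above it reports that certificate_file is unset, which is consistent with the fopen('','r') line in the output; the rebuilt config points certificate_file at the same combined PEM file as private_key_file, which FreeRADIUS permits when key and certificate live in one file.

```python
import re
from typing import Dict, List, Set

# A PEM header line such as "-----BEGIN CERTIFICATE-----"; group 1 is the label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$", re.MULTILINE)

# PEM labels OpenSSL will accept for each file named in the eap "tls" section.
REQUIRED_LABELS: Dict[str, Set[str]] = {
    "certificate_file": {"CERTIFICATE"},
    "private_key_file": {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"},
    "CA_file": {"CERTIFICATE"},
}


def pem_labels(text: str) -> List[str]:
    """Labels of all PEM blocks in text, in file order."""
    return PEM_BEGIN.findall(text)


def check_tls_config(config: Dict[str, str], files: Dict[str, str]) -> List[str]:
    """Return a list of problems with the tls file directives (empty means OK).

    config: tls directives as radiusd -X prints them; "(null)" means unset.
    files:  path -> contents, standing in for the filesystem so this runs offline.
    """
    problems: List[str] = []
    for directive, wanted in REQUIRED_LABELS.items():
        path = config.get(directive, "(null)")
        if path in ("", "(null)"):
            # OpenSSL gets handed an empty path and fails before reading anything.
            problems.append(f"{directive} is not set")
            continue
        if path not in files:
            problems.append(f"{directive}: {path} does not exist")
            continue
        found = set(pem_labels(files[path]))
        if not found & wanted:
            # This is the "no start line ... Expecting: CERTIFICATE" situation.
            problems.append(
                f"{directive}: {path} has no {' / '.join(sorted(wanted))} block "
                f"(found: {sorted(found) or 'no PEM blocks'})")
    return problems


def fixed_config(config: Dict[str, str], files: Dict[str, str]) -> Dict[str, str]:
    """If certificate_file is unset but the private_key_file also carries a
    CERTIFICATE block, point certificate_file at that same combined file."""
    fixed = dict(config)
    key_path = config.get("private_key_file", "(null)")
    if (fixed.get("certificate_file", "(null)") in ("", "(null)")
            and "CERTIFICATE" in pem_labels(files.get(key_path, ""))):
        fixed["certificate_file"] = key_path
    return fixed


# Constructed stand-ins for the files; the base64 bodies are placeholders.
FAKE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
            "MIIEpAIBAAKCAQEA...placeholder...\n"
            "-----END RSA PRIVATE KEY-----\n")
FAKE_CERT = ("-----BEGIN CERTIFICATE-----\n"
             "MIIDXTCCAkWgAwIBAgI...placeholder...\n"
             "-----END CERTIFICATE-----\n")
SAMPLE_FILES: Dict[str, str] = {
    "/usr/local/etc/raddb/certs/cert-srv.pem": FAKE_KEY + FAKE_CERT,  # key + cert in one file
    "/usr/local/etc/raddb/certs/demoCA/cacert.pem": FAKE_CERT,
    "/usr/local/etc/raddb/certs/key-only.pem": FAKE_KEY,              # hypothetical, key only
}

# The tls directives exactly as the post's radiusd -X output shows them.
POST_CONFIG: Dict[str, str] = {
    "private_key_file": "/usr/local/etc/raddb/certs/cert-srv.pem",
    "certificate_file": "(null)",
    "CA_file": "/usr/local/etc/raddb/certs/demoCA/cacert.pem",
}


if __name__ == "__main__":
    print("as posted:", check_tls_config(POST_CONFIG, SAMPLE_FILES))
    repaired = fixed_config(POST_CONFIG, SAMPLE_FILES)
    print("repaired: ", repaired["certificate_file"], check_tls_config(repaired, SAMPLE_FILES))
    wrong = dict(POST_CONFIG, certificate_file="/usr/local/etc/raddb/certs/key-only.pem")
    print("key-only: ", check_tls_config(wrong, SAMPLE_FILES))
```

The check only looks at PEM structure; it does not prove that the key actually belongs to the certificate or that the CA file signed it, so it is a first gate before starting radiusd, not a substitute for verifying the certificate chain.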