hi all! i am trying to set up eap/tls using freeradius (1.0.4, on debian sarge, built package with option -disable-shared) and ran into the following problem: if i am using the wrong certificate (both client and server certs were built like the ones in the freeradius package using adapted CA.certs) freeradius crashes!
the last lines of the output from "freeradius -X -A -s" are:

-----8<-----
rad_recv: Access-Request packet from host 192.168.0.5:1028, id=35, length=167
        User-Name = "test"
        NAS-IP-Address = 192.168.0.5
        NAS-Identifier = "Hawalius"
        Framed-MTU = 1496
        Called-Station-Id = "00-a0-c5-d1-03-15"
        Calling-Station-Id = "00-30-65-16-7d-49"
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020800250d800000001b1503010016cfbdb541e440865ba84b325309cdc5ad9d36af5784ff
        State = 0x0d56c72289ea3a6f6b45a070acc255db
        Message-Authenticator = 0x926e442107d8167882c136d983905804
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  modcall[authorize]: module "preprocess" returns ok for request 15
  modcall[authorize]: module "chap" returns noop for request 15
  modcall[authorize]: module "mschap" returns noop for request 15
  rlm_eap: EAP packet type response id 8 length 37
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 15
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 060b], Certificate
--> verify error:num=26:unsupported certificate purpose
chain-depth=0, error=26
Segmentation fault
----->8-----

actually i am not sure i have everything configured correctly, because i get an access-accept reply regardless of username and password, but with the 'correct' certificate.

btw: the client is mac os x 10.3.9

any ideas anyone??

thanks in advance for any hint!
markus

--
Markus Krause email: [EMAIL PROTECTED]
Computing Center Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
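
The `num=26` in the log above is OpenSSL's X509_V_ERR_INVALID_PURPOSE: the certificate the peer presented is not valid for the role it was used in. The script below is an added example, not part of the original post or of FreeRADIUS; it checks a certificate's purpose offline with `openssl verify -purpose`, using a throwaway CA and two constructed certificates (all file names, subjects and the helper names `check_purpose` and `make_demo_pki` are assumptions).

```shell
#!/bin/sh
# Added example: every name, subject and path below is constructed.

# Report whether cert $2, chained to CA file $1, is acceptable for purpose $3
# (sslclient for a supplicant certificate, sslserver for the RADIUS server's).
check_purpose() {
    out=$(openssl verify -purpose "$3" -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *"error 26"*) echo "purpose-mismatch" ;;   # same num=26 as in the log
        *": OK"*)     echo "ok" ;;
        *)            echo "other-failure" ;;
    esac
}

# Build a throwaway CA plus one clientAuth-only and one serverAuth-only cert in $1.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ demo_ca ]
basicConstraints = critical, CA:TRUE
[ client ]
extendedKeyUsage = clientAuth
[ server ]
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -config "$d/demo.cnf" -extensions demo_ca -newkey rsa:2048 \
        -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for role in client server; do
        openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=demo-$role" \
            -keyout "$d/$role.key" -out "$d/$role.csr" 2>/dev/null
        openssl x509 -req -in "$d/$role.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions "$role" \
            -out "$d/$role.pem" 2>/dev/null
    done
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for c in client server; do
    echo "$c.pem offered as client cert: $(check_purpose "$demo_dir/ca.pem" "$demo_dir/$c.pem" sslclient)"
done
rm -rf "$demo_dir"
```

Running `check_purpose` against the real CA file and the certificate installed on the supplicant shows, before any EAP conversation, whether the server's verify step would reject it for purpose.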