Johan Arens wrote:
Well thanks for the answers.

What is puzzled me, is the error message error reading client certificate, it's like freeradius is waiting the client send it's certificate.

Yes, it's a misleading error message, but trust me it's meaningless. Lots of people get it. My working PEAP server gets it.

However with TTLS, the client doen't have a client certificate. It only

Indeed. However you can still ask the TLS connection for it, you just don't get it AND it's not a problem. You're seeing the error because the code is generalised between the TLS and TTLS paths (I think - or maybe it was copy'n'pasted)

has a copy of the root certificate. I'm going to setup a wpa_supplicant with a linux client to try to make it work.

FWIW the "eapol_test" program that comes with wpa_supplicant is also very useful for verifying you've got the radius bit working without having to fiddle with APs. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to