EAP-TLS authentication error

Sat, 16 Dec 2006 17:50:09 -0800 

Hi All,

I am using wpa_supplicant-0.5.5 against freeradius - v1.1.3 . I am getting
following error :

TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too
long
rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap: SSL error error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad
object header
rlm_eap_tls: BIO_read failed inside of TLS (-1), TLS session fails.
 eaptls_process returned 13
 rlm_eap: Freeing handler
 modcall[authenticate]: module "eap" returns reject for request 23
modcall: leaving group authenticate (returns reject) for request 23
auth: Failed to validate the user.
Login incorrect: [rafi/<no User-Password attribute>] (from client
192.168.1.102 port 19801 cli )
Delaying request 23 for 2 seconds
Finished request 23

Here are my configs :

test.conf (wpa_supplicant config)

linux:/home/admin/wpa_supplicant-0.5.5 # cat test.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=0
network={
       scan_ssid=0
       key_mgmt=IEEE8021X
       eap=TLS
       identity="rafi"
       eapol_flags=0
       ca_cert="/etc/1x/eap_tls/certs/cacert.pem"
       client_cert="/etc/1x/eap_tls/certs/clientcert.pem"
       private_key="/etc/1x/eap_tls/certs/clientkey.pem"
       private_key_passwd="wimax i2 test certs"
}

eap.conf :


       eap {
               default_eap_type = tls

               timer_expire     = 120
               ignore_unknown_eap_types = no

               cisco_accounting_username_bug = no

               md5 {
               }

               leap {
               }

               gtc {
                       auth_type = PAP
               }

   tls {
     rsa_key_exchange = yes
     dh_key_exchange = no
     rsa_key_length = 1024
     dh_key_length = 1024
     verify_depth = 2
     pem_file_type = yes

           private_key_password = "wimax i2 test certs"

           private_key_file =
/usr/local/etc/raddb/certs/rafi/eap_tls_certs/serverkey.pem
           certificate_file =
/usr/local/etc/raddb/certs/rafi/eap_tls_certs/servercert.pem
           CA_file =
/usr/local/etc/raddb/certs/rafi/eap_tls_certs/cacert.pem
           dh_file = /usr/local/etc/raddb/certs/rafi/dh
           random_file = /usr/local/etc/raddb/certs/rafi/random

     fragment_size = 1024

     include_length = yes

     check_cert_cn = %{User-Name}
   }


}



users :

rafi   Auth-Type := EAP






--
Rafiqul Ahsan                630-717-1698(h)
2120 Periwinkle Ln         630-689-1457(h)
Naperville, IL 60540        847-812-6176(c)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to