Hi All, I am using wpa_supplicant-0.5.5 against freeradius - v1.1.3 . I am getting following error :
TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error error:0D07209B:asn1 encoding routines:ASN1_get_object:too long rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. In SSL Handshake Phase In SSL Accept mode rlm_eap: SSL error error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header rlm_eap_tls: BIO_read failed inside of TLS (-1), TLS session fails. eaptls_process returned 13 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 23 modcall: leaving group authenticate (returns reject) for request 23 auth: Failed to validate the user. Login incorrect: [rafi/<no User-Password attribute>] (from client 192.168.1.102 port 19801 cli ) Delaying request 23 for 2 seconds Finished request 23 Here are my configs : test.conf (wpa_supplicant config) linux:/home/admin/wpa_supplicant-0.5.5 # cat test.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel ap_scan=0 network={ scan_ssid=0 key_mgmt=IEEE8021X eap=TLS identity="rafi" eapol_flags=0 ca_cert="/etc/1x/eap_tls/certs/cacert.pem" client_cert="/etc/1x/eap_tls/certs/clientcert.pem" private_key="/etc/1x/eap_tls/certs/clientkey.pem" private_key_passwd="wimax i2 test certs" } eap.conf : eap { default_eap_type = tls timer_expire = 120 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { rsa_key_exchange = yes dh_key_exchange = no rsa_key_length = 1024 dh_key_length = 1024 verify_depth = 2 pem_file_type = yes private_key_password = "wimax i2 test certs" private_key_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/serverkey.pem certificate_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/servercert.pem CA_file = /usr/local/etc/raddb/certs/rafi/eap_tls_certs/cacert.pem dh_file = /usr/local/etc/raddb/certs/rafi/dh random_file = /usr/local/etc/raddb/certs/rafi/random fragment_size = 1024 include_length = yes check_cert_cn = %{User-Name} } } users : rafi Auth-Type := EAP -- Rafiqul Ahsan 630-717-1698(h) 2120 Periwinkle Ln 630-689-1457(h) Naperville, IL 60540 847-812-6176(c)
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html