Hi All, I see a similar thing mentioned in the mailing list but I'm unsure why this is happening.
In my eap.conf I see the following: # This parameter is used only for EAP-TLS, # when you issue client certificates. If you do # not use client certificates, and you do not want # to permit EAP-TLS authentication, then delete # this configuration item. #CA_file = ${cadir}/ca.pem And I'm getting these errors logged from time to time. Feb 23 13:05:07 avocet radiusd[15992]: TLS Alert read:fatal:unknown CA Feb 23 13:05:07 avocet radiusd[15992]: rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca If we're not using EAP-TLS but rather PEAP, EAP-TTLS-MSCHAPv2 do we really need to uncomment the CA_file variable? The docs seem to indicate no, but the mailing lists indicate yes. Can someone provide clarification? Cheers, Harry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html