Cool, well if you need that part, i have Coovachilli running quite
nicely.. I thought that Freeradius had its own captive portal, but
couldnt see any way to get it working
On 5/03/2011 3:08 PM, Guy wrote:
That comes later! :)
--Guy
On 5 Mar 2011, at 17:56, Luke Hammond wrote:
Ahh ok. thanks. THought you were talking about a captive portal.
On 5/03/2011 2:39 PM, Guy wrote:
it wasn't Freeradius providing the login window, it was OSX... trying to logon
to the WiFi Network
--Guy
On 5 Mar 2011, at 17:26, Luke Hammond wrote:
Just a side question, how did you get Freedradius to give you a login window? i
tried this and couldn't see how to get it to work.. so had to use another
portal for this.
On 5/03/2011 2:10 PM, Gary Gatten wrote:
FR just does what its told. I think the settings need to be changed on your
wireless gear.
----- Original Message -----
From: Guy [mailto:g...@britewhite.net]
Sent: Saturday, March 05, 2011 10:46 AM
To: freeradius-users@lists.freeradius.org<freeradius-users@lists.freeradius.org>
Subject: Freeradius2 and OSX clients no TLS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA Enterprise 2, and
I have it basically working. my iPhone/iPad are able to authenticate and
connect via the base station. However my Mac (OSX 10.6 Snow leopard) Laptops
are having issues.
I do not want to push out Client certificates to the laptops. I also do not
want people to have to perform any customisations on the clients.
When the laptop attempts to join the network I get a nice login window, with
username/password. This is fine. However without playing with the network
settings (802.1x settings). I'm not able to join the network because I do not
have a client Cert:
Sat Mar 5 16:21:28 2011 : Error: --> verify error:num=19:self signed
certificate in certificate chain
Sat Mar 5 16:21:28 2011 : Error: TLS Alert write:fatal:unknown CA
Sat Mar 5 16:21:28 2011 : Error: TLS_accept:error in SSLv3 read client
certificate B
Sat Mar 5 16:21:28 2011 : Error: rlm_eap: SSL error error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Sat Mar 5 16:21:28 2011 : Error: SSL: SSL_read failed in a system call (-1),
TLS session fails.
Sat Mar 5 16:21:28 2011 : Auth: Login incorrect: [guy/<via Auth-Type = EAP>]
(from client extreme port 0 cli 00-19-E3-E1-BA-C5)
However if I do change the 802.1x settings on the mac to not try and to TLS
then I'm able to connect just fine. either by PEAP, or TTLS..
So finally my question... How can I reconfigure Radius to not try and offer TLS
or if it does offer TLS to not die if a cert is not presented??
I have tried some suggestions such as commenting out the CA in the eap.conf
file, but still I fail to pass the TLS.
Thanks
- ---Guy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
iEYEARECAAYFAk1yaQcACgkQDc8ue1+sfKEcAQCfYRVtzNb1UcRa9hf+PM3ipToT
zCgAn2TGSTOAjigyWLYwTm4HDcy12l9L
=JyX7
-----END PGP SIGNATURE-----
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in
1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html