Martin Ubank wrote:
>> Martin Ubank wrote:
>>> The following lines from the output of the 'eapol_test' command seem to indicate a problem with the root certificate:
>>> OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:00000000:lib(0):func(0):reason(0)
>>
>> Fix that and it should work.
>
> I've not been able to fix it yet.
> The Openssl-Users list hasn't been able to suggest anything.
>
> I am running 'eapol_test -c test.conf -s testing123' from the CentOS VM on which FreeRadius is installed.

If it's an error from eapol_test, ask on the hostap list. I really don't know enough about OpenSSL to say more.

> The 'bootstrap' script contains:

Yes... we know.

> From this script, I understand that:
> ca.der is created by 'openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der';
> ca.key & ca.pem are created by
> 'openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf'.
>
> So, how does FreeRadius expect to load the root certificate from ca.der?

It uses OpenSSL.

> If it can't, then what file should be in the ca_cert directive in my test.conf file?

No idea.

> Or, is 'eapol_test' not the correct way to test "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP"?

It is one way to test. In 2.1.12, you can use radclient to send MS-CHAP packets to the server. See raddb/sites-available/inner-tunnel

Alan DeKok.