Enrique Llanos Vargas wrote: > I've just installed a freeradius+mysql on a debian 6.0.3, first test > from localhost with radtest and mysql user auth (radcheck table) worked > well, 2nd test with radeaptest with mysql and md5 eap method worked well > too, but I don't find a way to make it work with eap+tls:
Follow the EAP-TLS guide on the web site. It *will* work. > Here's my error output: > > *[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca > TLS Alert read:fatal:unknown CA > TLS_accept: failed in SSLv3 read client certificate A That is relatively clear: the client certificate was signed by an unknown CA. > For what I've read, either I must create my own certs for eap+tls Uh... that's how TLS works. You sign client certificates. > or I > can disable TLS, for the 1st, I've followed 'n' guides on the web but > none seems to work for me and for the second, I just dont find where to > disable the eap with TLS. > > I don't really want to use TLS, so if you help me to disable TLS, it'll > be fine for me. Disabling TLS is simple: delete the "tls {...}" block from eap.conf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html