Thank you for your reply!
Your means is WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x24e5fa322535f760 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ? I don't think is this,beause my client is wpa_supplicant not MS client, and eapol_test work fine. On wpa_supplicant log,we can see: EAP-TLS: Start SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 88 bytes pending from ssl_out SSL: 88 bytes left to be sent out (of total 88 bytes) The TLS just begin , and no certificate be used. By wireshark,I catch these: 62 24.202360000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56) 127 54.201965000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Failure 128 54.203784000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Failure 129 54.204412000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Request, Identity [RFC3748] 130 54.291453000 WistronI_20:c6:3d Nearest EAP 28 Response, Identity [RFC3748] 131 54.307143000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Request, EAP-TLS [RFC5216] [Aboba] 132 54.338037000 WistronI_20:c6:3d Nearest SSL 118 Client Hello 133 54.366527000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56) 200 84.364442000 Cisco_f5:47:d1 WistronI_20:c6:3d EAP 60 Unknown code (0x56) -----邮件原件----- 发件人: freeradius-users-bounces+guanxu=aotuis....@lists.freeradius.org [mailto:freeradius-users-bounces+guanxu=aotuis....@lists.freeradius.org] 代表 Alan DeKok 发送时间: 2012年6月24日 19:28 收件人: FreeRadius users mailing list 主题: Re: FreeRadius2(certos)+cisco2950+wpa_supplicant(win7) can't work with EAP-TLS 关旭 wrote: > Just like the title,it work fine when I use MSCHAPV2 or MD5, > But PEAP and EAP-TLS not works. > > I test Radius with eapol_test,It also work fine. > > Who can tell me the reason? The debug log you posted has the answer. In big bold letters. Read it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html