John, I changed the sequence in step b) of "SERVER-SIDE" as ::

su -
rm /etc/raddb/modules/dhcp_sqlippool
cd /etc/raddb/certs
make destroycerts
make
make client
cp client.p12 /home/ajay
cp ca.pem /home/ajay
chmod 0644 /home/ajay/client.p12
chmod 0644 /home/ajay/ca.pem
chown ajay.ajay /home/ajay/client.p12
chown ajay.ajay /home/ajay/ca.pem

However, I get the exact same earlier dreaded logs :(

On Wed, Jan 9, 2013 at 8:29 AM, John Dennis <jden...@redhat.com> wrote:
> On 01/08/2013 03:53 PM, Ajay Garg wrote:
>>
>> On Tue, Jan 8, 2013 at 6:45 PM, John Dennis <jden...@redhat.com
>> <mailto:jden...@redhat.com>> wrote:
>>
>> On 01/08/2013 05:10 AM, Ajay Garg wrote:
>>
>> Could you please specify the order of scripts to be run, so that
>> proper certificates may be generated - both for the server, and the
>> client? :P
>>
>> You were given the answer. It's not just a matter of running the
>> scripts it also requires knowing what the scripts output and how to
>> configure *both* the client and the server with the script output.
>>
>> You've never explained what you're doing in any detail, especially
>> with regard to where you're generating the client cert. In a
>> previous email I explained what the server needs and what the client
>> needs. Now you're going to have to put that information to use. You
>> really do have to invest the energy into learning how the pieces fit
>> together.
>>
>> Ok.. so here goes what I have been wanting to accomplish :P
>>
>> ROUTER-SIDE ::
>> ===========
>>
>> a)
>> Configure the router to do WPA/WPA2-Enterprise authentication.
>>
>> b)
>> The authentication is to be done via a freeradius-server.
>>
>> c)
>> I connect a wired-cable between the router and the
>> freeradius-server-machine, to have a physical medium via which the
>> router and the server may talk.
>>
>> SERVER-SIDE ::
>> ===========
>>
>> a)
>> Freeradius-server is running on Fedora-17 (freeradius-2.2.0-0.fc17.i686)
>>
>> b)
>> After installing freeradius, the certificates are generated via (on
>> Fedora-17 machine) ::
>>
>> su -
>> rm /etc/raddb/modules/dhcp_sqlippool
>> cd /etc/raddb/certs
>> make destroycerts
>> make
>> make client
>> chmod 0644 client.p12
>> chmod 0644 ca.pem
>>
>> c)
>> Now, the freeradius is started on the Fedora-17 machine as ::
>>
>> sudo /usr/sbin/radiusd -X &
>>
>> Server runs fine.
>>
>> CLIENT-SIDE ::
>> ===========
>>
>> a)
>> THE SAME FEDORA-17 MACHINE ACTS AS THE CLIENT TOO :)
>>
>> b)
>> Now, from the gnome-panel applet, I try connecting to the WPA/WPA-2
>> Enterprise network, by setting the following settings ::
>>
>> Wireless Security     : WPA/WPA2-Enterprise
>> Authentication        : TLS
>> Identity              : Anonymous
>> User Certificate      : /etc/raddb/certs/client.p12
>> CA Certificate        : /etc/raddb/certs/ca.pem
>> Private Key           : /etc/raddb/certs/client.p12
>> Private Key Password  : whatever
>>
>> c)
>> I click the "Connect" button.....
>>
>> and then the dreaded logs happen :(
>
> Thank you, that is a much clearer explanation.
>
> The first thing I notice is you're pointing the client to files in a
> directory owned by the server. Everything from /etc/raddb and below is
> readable only by root:radiusd for security reasons (you don't want to
> expose the configuration of an authentication server to the world).
>
> I suspect the code which reads the client cert files is running under your
> uid and is not a process with root privileges thus it can't read the cert
> files. I would try copying the client cert files to an alternate location,
> reset their permissions and try again.
>
> --
> John Dennis <jden...@redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/

--
Regards,
Ajay
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
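The permission problem John describes above (a client process running under the user's uid cannot open cert files under /etc/raddb, where the directories are root:radiusd only) can be checked without guessing. The following is an added example, not code from the thread or from FreeRADIUS: it applies the classic Unix owner/group/other check to every directory on the way to the file and then to the file itself, and replays the thread's layout in a constructed temp directory (uid 12345 and the raddb/home paths are constructed placeholders).

```python
import os
import stat
import tempfile

def _dac_allows(st, uid, gids, owner_bit, group_bit, other_bit):
    """Unix discretionary access check: owner, then group, then other; root bypasses it."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)

def readable_by(path, uid, gids, assume_searchable="/"):
    """Return (ok, reason): could a process with this uid/gids open `path` for reading?
    Every directory below `assume_searchable` needs search (x) permission for that
    process, and the file itself needs read (r) permission; chmod 0644 on the file
    alone does nothing if a parent directory (e.g. /etc/raddb, mode 0750) blocks it."""
    path = os.path.abspath(path)
    top = os.path.abspath(assume_searchable)
    d = os.path.dirname(path)
    while d != top and os.path.dirname(d) != d:
        st = os.stat(d)
        if not _dac_allows(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False, "no search permission on directory %s (mode %o)" % (d, stat.S_IMODE(st.st_mode))
        d = os.path.dirname(d)
    st = os.stat(path)
    if not _dac_allows(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return False, "no read permission on %s (mode %o, owner %d:%d)" % (
            path, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return True, "ok"

def demo(uid=12345, gids=frozenset()):
    """Constructed replay of the thread: cert in a 0750 certs dir, then a copy in a 0755 home dir."""
    base = tempfile.mkdtemp()
    certs = os.path.join(base, "raddb", "certs")
    os.makedirs(certs)
    os.chmod(os.path.join(base, "raddb"), 0o750)   # like /etc/raddb: not searchable by others
    os.chmod(certs, 0o750)
    p12 = os.path.join(certs, "client.p12")
    with open(p12, "wb") as f:
        f.write(b"constructed placeholder, not a real PKCS#12 file")
    os.chmod(p12, 0o644)                            # the original "chmod 0644 client.p12" step
    before = readable_by(p12, uid, gids, assume_searchable=base)
    home = os.path.join(base, "home", "ajay")
    os.makedirs(home)
    os.chmod(os.path.join(base, "home"), 0o755)
    os.chmod(home, 0o755)
    copy = os.path.join(home, "client.p12")
    with open(p12, "rb") as src, open(copy, "wb") as dst:
        dst.write(src.read())                       # the "cp client.p12 /home/ajay" step
    os.chmod(copy, 0o644)
    after = readable_by(copy, uid, gids, assume_searchable=base)
    return before, after
```

Run `demo()` to see the first location rejected at the directory level and the copied file accepted; pass `uid=0` to confirm that only a root process gets through the original layout.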