On 03/16/2012 11:50 AM, Denis Pavani wrote: > Hello, I recently changed the certificate of my radiator server 3.17.1-1 > for wireless authentication. > This is an official certificate from a trusted CA. > We use EAP-TTLS with PAP inner authentication. > One client (WinXP with Intel 5100 and Intel client wirelessPRO) receives > an error and I got this message in the logfile: > > EAP result: 1, EAP TTLS Handshake unsuccessful: 26297: 1 - > error:14094418:SSL routines:func(148):reason (1048)
I think 1048 is alert for 'unknown CA'. You should check the Intel client settings and make sure the Intel client trusts the CA. If there are intermediate certificates, try putting the root CA and the intermediate CAs into EAPTLS_CAFile. Your server that runs Radiator is likely quite old? More recent SSL libraries create more readable messages which are useful for debugging these kinds of problems. Thanks! Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
