Hi everyone,

In the company we have performed some tests on EAP TLS. We are using Radiator-4.13 with the goodie eap_tls.cfg.

We have created self-signed certificates through the script: script.sh (You can find the script, as well as the certificates, in https://gist.github.com/ifdm001/57c03984282f33406aec )

During the tests, we have installed the cert-clt.p12 cert file on a Galaxy S3 with Android 4.1.2. We have also installed the CA file cacert.pem.

The WiFi configuration is: EAP method TLS, Phase 2 PAP, User certificate, Identity user

We have also added the identity user to the file database.

When we have not configured the CA file in the WiFi configuration profile, everything works. It is strange that there is no message from Android saying that the server certificate will not be verified; also, there is no checklist option to validate this (as there is in Microsoft, see https://support.microsoft.com/kb/814394).

When we configure the CA file in the WiFi configuration profile on the Android phone, we find the following error in Radiator:

Wed Jun 18 11:49:35 2014: DEBUG: Handling request with Handler 'Realm=DEFAULT', Identifier ''
Wed Jun 18 11:49:35 2014: DEBUG: Deleting session for user, 10.1.0.9,
Wed Jun 18 11:49:35 2014: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 18 11:49:35 2014: DEBUG: Handling with EAP: code 2, 255, 200, 13
Wed Jun 18 11:49:35 2014: DEBUG: Response type 13
Wed Jun 18 11:49:35 2014: DEBUG: Certificate Subject Name is /C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=user
Wed Jun 18 11:49:35 2014: DEBUG: Matched certificate CN user with User-Name user or identity user
Wed Jun 18 11:49:35 2014: DEBUG: Reading users file ./users
Wed Jun 18 11:49:35 2014: DEBUG: Radius::AuthFILE looks for match with user [user]
Wed Jun 18 11:49:35 2014: DEBUG: Radius::AuthFILE ACCEPT: : user [user]
Wed Jun 18 11:49:35 2014: ERR: EAP TLS error: -1, 1, 8592, 0, 22411: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Wed Jun 18 11:49:35 2014: DEBUG: EAP Failure, elapsed time 0.179251
Wed Jun 18 11:49:35 2014: DEBUG: EAP result: 1, EAP TLS error
Wed Jun 18 11:49:35 2014: DEBUG: AuthBy FILE result: REJECT, EAP TLS error
Wed Jun 18 11:49:35 2014: INFO: Access rejected for user: EAP TLS error
Wed Jun 18 11:49:35 2014: DEBUG: Packet dump:
*** Sending to 10.1.0.9 port 54719 ....
Code:       Access-Reject
Identifier: 189
Authentic:  <194><153>-<204><200><12><189><176>&<168><196><24><180><148><210>i
Attributes:
	EAP-Message = <4><255><0><4>
	Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
	Reply-Message = "Request Denied"

The full log is in the file eap_tls.log, also in https://gist.github.com/ifdm001/57c03984282f33406aec

We will be grateful for any help with this problem.

Thanks,
Imanol

--
Imanol Fuidio Díaz-Maroto
Fon Labs R&D engineer
imanol.fui...@fon.com
skype: imanol.fon
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
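A log-triage sketch for the Radiator output quoted in the message above, added here as an example (it is not part of the original post and not Radiator code). It pulls each `EAP TLS error` line out of a log, attaches the last client certificate subject seen, and splits the packed OpenSSL error code into its library, function and reason fields. Assumptions: the OpenSSL 1.0.x packing (8-bit library, 12-bit function, 12-bit reason), and the hypothetical helper names `decode_openssl_error` and `triage`.

```python
import re

# Constructed sample: lines copied from the log excerpt in the post above.
SAMPLE_LOG = """\
Wed Jun 18 11:49:35 2014: DEBUG: Certificate Subject Name is /C=ES/ST=Biscay/L=Getxo/O=Fon/OU=Fon Labs/CN=user
Wed Jun 18 11:49:35 2014: DEBUG: Radius::AuthFILE ACCEPT: : user [user]
Wed Jun 18 11:49:35 2014: ERR: EAP TLS error: -1, 1, 8592, 0, 22411: 1 - error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Wed Jun 18 11:49:35 2014: INFO: Access rejected for user: EAP TLS error
"""

# Radiator log line: "<ctime timestamp>: <LEVEL>: <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (\w+): (.*)$")
# OpenSSL error string: error:<packed hex>:<library>:<function>:<reason>
OSSL_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")
SUBJECT_RE = re.compile(r"Certificate Subject Name is (\S.*)$")


def decode_openssl_error(packed_hex):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    code = int(packed_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Return one finding per EAP TLS error, with the last client subject seen."""
    findings, subject = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # packet-dump and continuation lines carry no level
        when, level, msg = m.groups()
        s = SUBJECT_RE.search(msg)
        if s:
            subject = s.group(1)
        e = OSSL_RE.search(msg)
        if level == "ERR" and "EAP TLS error" in msg and e:
            lib, func, reason = decode_openssl_error(e.group(1))
            findings.append({"time": when, "client_subject": subject,
                             "lib": lib, "func": func, "reason": reason,
                             "function": e.group(3), "text": e.group(4)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

For the error line in the post this yields library 20 (the SSL library), function 143 and reason 267, matching the text fields `SSL3_GET_RECORD` and `wrong version number`.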