Failure with "TLS authentication" and "Freeradius on Fefora-17"

From: Ajay Garg <ajaygargnsit gmail com>
To: freeradius-users lists freeradius org, networkmanager-list <networkmanager-list gnome org>
Subject: Failure with "TLS authentication" and "Freeradius on Fefora-17"
Date: Sun, 6 Jan 2013 19:31:22 +0530

Hi all.

I have been facing a very particular issue, when trying to connect to a WPA/WPA-2 Enterprise connection via "TLS authentication"
(note that "TTLS" and "PEAP" authentication work perfect).

Settings ::

a)
As per http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/python/add-system-wifi-connection.py, the code is written on a Fedora-18 base, using NM0.9
(this code is wriiten on the "client" computers, that wish to connect to the "TLS authenticated" WPA/WPA2-Enterprise network).

b)
Freeradius is being used as the user-authentication server.

c)
Now, when freeradius is being used on a Fedora-14 base, the "TLS" authentication works fine.
I do the following, to generate the certificates required for TLS ::

                          su -
                          cd /etc/raddb/certs
                          make clean
                          make client.pem

I then fill in the following fields (on the client-side)::

                 'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),
                 'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora14"),
                 'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),

The client gets connected flawlessly to the wifi-network :)

d)
However, when freeradius is used on a Fedora-18 base, the "TLS" authentication does not work fine.

I follow the same procedure to generate the certificates ::

                          su -
                          cd /etc/raddb/certs
                          make clean
                          make client.pem

and then fill up the values as ::

                 'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),
                 'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora17"),
                 'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),

However, now the wifi-network is not connected; there are "Access-Reject" messages in freeradius-logs.

Has there been a change in the way certificates are to generated/deployed when using Free-radius on Fedora-17?
Or there needs to be a change in the NM-client-side-code?

I will be grateful for a reply.

Regards,
Ajay

Follow-Ups:
- Re: Failure with "TLS authentication" and "Freeradius on Fefora-17"
  - From: Ajay Garg

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]