Re: Failure with "TLS authentication" and "Freeradius on Fedora-17"



I just realised that I can put the issue in a simpler realm (not requiring any externally written client-code files) ::

I am unable to get "TLS-authentication" working, when a "Fedora-17-client" tries to connect to a "WPA/WPA2-Enterprise network" through "gnome-shell-applet", via "Freeradius-running-on-Fedora-17".




On Sun, Jan 6, 2013 at 7:31 PM, Ajay Garg <ajaygargnsit gmail com> wrote:
Hi all.

I have been facing a very particular issue when trying to connect to a WPA/WPA-2 Enterprise connection via "TLS authentication"
(note that "TTLS" and "PEAP" authentication work perfectly).

Settings ::

a)
As per http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/python/add-system-wifi-connection.py, the code is written on a Fedora-18 base, using NM0.9
(this code is written on the "client" computers that wish to connect to the "TLS authenticated" WPA/WPA2-Enterprise network).



b)
Freeradius is being used as the user-authentication server.



c)
Now, when freeradius is being used on a Fedora-14 base, the "TLS" authentication works fine.
I do the following, to generate the certificates required for TLS ::

                          su -
                          cd /etc/raddb/certs
                          make clean
                          make client.pem

I then fill in the following fields (on the client-side)::

                 'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),
                 'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora14"),
                 'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),

The client gets connected flawlessly to the wifi-network :)



d)
However, when freeradius is used on a Fedora-18 base, the "TLS" authentication does not work fine.

I follow the same procedure to generate the certificates ::

                          su -
                          cd /etc/raddb/certs
                          make clean
                          make client.pem


and then fill up the values as ::

                 'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),
                 'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora17"),
                 'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),


However, now the wifi-network is not connected; there are "Access-Reject" messages in freeradius-logs.



Has there been a change in the way certificates are to be generated/deployed when using Free-radius on Fedora-17?
Or does there need to be a change in the NM-client-side-code?




I will be grateful for a reply.




Regards,
Ajay



--
Regards,
Ajay

