Re: Failure with "TLS authentication" and "Freeradius on Fefora-17"

I just realised that I can put the issue in a simpler realm (not requiring any externally written client-code files ) ::

I am unable to get "TLS-authentication" working, when a "Fedora-17-client" tries to connect to a "WPA/WPA2-Enterprise network" through "gnome-shell-applet", via Freeradius-running-on-Fedora-17".

On Sun, Jan 6, 2013 at 7:31 PM, Ajay Garg <ajaygargnsit gmail com> wrote:
Hi all.

I have been facing a very particular issue, when  trying to connect to a WPA/WPA-2 Enterprise connection via "TLS authentication"
(note that  "TTLS" and "PEAP" authentication work perfect).

Settings ::

As per, the code is written on a Fedora-18 base, using NM0.9
(this code is wriiten on the "client" computers, that wish to connect to the "TLS authenticated" WPA/WPA2-Enterprise network).

Freeradius is being used as the user-authentication server.

Now, when freeradius is being used on a Fedora-14 base, the "TLS" authentication works fine.
I do the following, to generate the certificates required for TLS ::

                          su -
                          cd /etc/raddb/certs
                          make clean
                          make client.pem

I then fill in the following fields (on the client-side)::

                 'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),
                 'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora14"),
                 'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora14"),

The client gets connected flawlessly to the wifi-network :)

However, when freeradius is used on a Fedora-18 base, the "TLS" authentication does not work fine.

I follow the same procedure to generate the certificates ::

                          su -
                          cd /etc/raddb/certs
                          make clean
                          make client.pem

and then fill up the values as ::

                 'client-cert': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),
                 'ca-cert': path_to_value("ca.pem/generated/on/freeradius/on/Fedora17"),
                 'private-key': path_to_value("client.p12/generated/on/freeradius/on/Fedora17"),

However, now the wifi-network is not connected; there are "Access-Reject" messages in freeradius-logs.

Has there been a change in the way certificates are to generated/deployed when  using Free-radius on  Fedora-17?
Or there needs to be a change in the NM-client-side-code?

I will be grateful for a reply.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]