LINUX.ORG.RU
ФорумAdmin

freeradius TLS Alert read:fatal:bad certificate


0

0

Всем привет! Хочу настроить PEAP для WIFI точки через RADIUS. Пробую авторизоваться ругается что плохой сертификат. Пробовал как сертификаты которые идёт с сервером так и собственного CA.

rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate TLS Alert read:fatal:bad certificate TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user.

#Config eap.conf

eap { default_eap_type = peap

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

md5 { } leap { } gtc {

auth_type = PAP } tls {

private_key_file = ${raddbdir}//server.key

certificate_file = ${raddbdir}//server.pem

CA_file = ${raddbdir}//cert.pem

dh_file = ${raddbdir}//server.dh random_file = ${raddbdir}//random

} peap { default_eap_type = mschapv2

} mschapv2 { }}

anonymous

Re: freeradius TLS Alert read:fatal:bad certificate

собирал freeradius вот по этому монуалу.

http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-t...

Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap

rlm_eap_peap: Authenticate

rlm_eap_tls: processing TLS

eaptls_verify returned 7

rlm_eap_tls: Done initial handshake

rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal bad_certificate

TLS Alert read:fatal:bad certificate

TLS_accept:failed in SSLv3 read client certificate A

rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.

anonymous ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.