[RADIATOR] what kind of error?
Heikki Vatiainen
hvn at open.com.au
Fri Mar 16 07:30:48 CDT 2012
On 03/16/2012 11:50 AM, Denis Pavani wrote:
> Hello, I recently changed the certificate of my radiator server 3.17.1-1
> for wireless authentication.
> This is an official certificate from a trusted CA.
> We use EAP-TTLS with PAP inner authentication.
> One client (WinXP with Intel 5100 and Intel client wirelessPRO) receives
> an error and I got this message in the logfile:
>
> EAP result: 1, EAP TTLS Handshake unsuccessful: 26297: 1 -
> error:14094418:SSL routines:func(148):reason (1048)
I think 1048 is alert for 'unknown CA'. You should check the Intel
client settings and make sure the Intel client trusts the CA. If there
are intermediate certificates, try putting the root CA and the
intermediate CAs into EAPTLS_CAFile.
Your server that runs Radiator is likely quite old? More recent SSL
libraries create more readable messages which are useful for debugging
these kinds of problems.
Thanks!
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list