Question

我是一名学生，我需要设置一个基于WPA2 EAP-TLS的体系结构。但是我无法使用生成的证书登录到访问点。

我遵循了this教程来设置我的Freeradius服务器。我使用make从/etc/freeradius/3.0/certs中生成了证书。我有一个使用hostapd的访问点，其配置如下：

interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd
#ctrl_interface_group=wheel

ssid=EAP-AP

wpa_pairwise=CCMP
rsn_pairwise=CCMP
macaddr_acl=0 

#EAP Config 8021X
own_ip_addr=127.0.0.1
ieee8021x=1 

wpa=2
wpa_key_mgmt=WPA-EAP

hw_mode=g
channel=1

#disable_pmksa_caching=0
#rsn_preauth=1

#FreeRADIUS Server Config
auth_algs=1
auth_server_addr=172.16.71.151 # IP of my Freeradius server
auth_server_port=1812
auth_server_shared_secret=testing123

我尝试使用ca.pem和client.12证书从另一台Linux计算机登录到我的访问点：

但是身份验证失败，因为我使用了“错误证书”，即Freeradius日志：

...
eap_tls: [eaptls verify] = ok
(4) eap_tls: Done initial handshake
(4) eap_tls: <<< recv TLS 1.2  [length 0002] 
(4) eap_tls: ERROR: TLS Alert read:fatal:bad certificate
(4) eap_tls: TLS_accept: Need to read more data: error
(4) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
(4) eap_tls: TLS - In Handshake Phase
(4) eap_tls: TLS - Application data.
(4) eap_tls: ERROR: TLS failed during operation
(4) eap_tls: ERROR: [eaptls process] = fail
(4) eap: ERROR: Failed continuing EAP TLS (13) session.  EAP sub-module failed
(4) eap: Sending EAP Failure (code 4) ID 73 length 4
(4) eap: Failed in EAP select

无法验证WPA2 EAP-TLS Freeradius 3.0

0 个答案: