cant get radius to work

Products ePMP
1

i’m getting a fatal:unknown CA error on the free radius, i have followed the steps on the guide exactly, i loaded radius.cambium.com.crt into the userprovisioned root certificate 1 on the STA, the free radius config has the following

private_key_file = ${certdir}/cambium/radius.cambium.com.key
certificate_file = ${certdir}/cambium/radius.cambium.com.crt
CA_file = ${certdir}/cambium/cambium-ca.crt

as is what i figured based on the files that were generated by the script, and the free radius doesn’t throw any errors, but every time the CPE tries to associate i get


[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[ttls] eaptls_process returned 4
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.


Please help i’m trying to get this figured out so i can start testing with customers, but i cant get the basic auth to work yet with ttls. (honestly wish we could just bypass certificate validation and just use username/passwords for testing)

2

Chris,
We do not support this EAP-TTLS mode with using a client certificate. We support and use authentication by certificate only for server authentication(e.g. authenticator).

You may want to try to delete “CA_file = ${certdir}/cambium/cambium-ca.crt” on your FreeRADIUS server. This may help. Please share or clarify your FreeRADIUS config (e.g. /usr/local/etc/raddb/) and a full log of the radiusd process. (This can be done using the command “radiusd -X” )

There is also a community that has created “WISP Toolbox” as a VM application. This can be used to test a FreeRADIUS install for ePMP. (Link to WISP Toolbox is http://www.cambiumtools.com/index.php?option=com_content&task=section&id=6&Itemid=41〈=en )