radius wpa eap ttls mschapv2


This topic contains 3 replies, has 0 voices, and was last updated by  calman 10 years, 2 months ago.

  • #41205

    calman
    Member

    Hi, I’m trying to configure ZeroShell RADIUS, a Mikrotik AP and a Ubiquiti Nano 5 in client mode, with WPA2/EAP-TTLS MSCHAPv2. I revised the settings and they seem fine, but when trying to connect the RADIUS log is as follows:

    7:46:31 TLS Alert read:fatal:certificate expired
    17:46:31 TLS_accept:failed in SSLv3 read client certificate A
    17:46:31 rlm_eap: SSL error error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
    17:46:31 rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
    17:46:31 Login incorrect: [test] (from client 680mhz port 0 cli 00-15-6D-B5-22-7F)
    17:46:31 TLS Alert read:fatal:certificate expired
    17:46:31 TLS_accept:failed in SSLv3 read client certificate A
    17:46:31 rlm_eap: SSL error error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
    17:46:31 rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
    17:46:31 Login incorrect: [test] (from client 680mhz port 0 cli 00-15-6D-B5-22-7F)

    test is a user created in the ZeroShell LDAP.
    Is it possible to configure ZeroShell RADIUS to only accept MSCHAPv2?
    Thanks
    Calman

    #46955

    imported_fulvio
    Participant

    You can use EAP-TTLS with PAP, PEAP with MS-ChapV2 and EAP-TLS (only X509 certificate without username and password).

    Regards
    Fulvio

    #46956

    calman
    Member

    I resolved the problem!
    The NanoStation clock, when it is reset or loses power, gets a default date, and then the RADIUS log shows “certificate expired”.
    Is it possible to modify the Kerberos policy, to change the certificate expiry to up to 1 year?

    #46957

    imported_fulvio
    Participant

    The certificate validity time does not depend on Kerberos policies. It is instead configurable in [X.509 CA][Setup][CA Default Parameters][Certificate Validity (days)].

    Regards
    Fulvio

    #46958

    calman
    Member

    I tried to change these options and there’s the same problem. I tried to change the NanoStation date and I found it connects correctly within ±5 minutes of ZeroShell time.

    thanks
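
The following is an added example, not part of the original posts or of ZeroShell. It triages the RADIUS log format quoted in the first post: `TLS Alert read` means the server received the alert, so the supplicant rejected the server's certificate and its clock is the one to check. The function and field names are assumptions made for illustration.

```python
import re

# Sample lines taken from the log quoted in the first post.
SAMPLE_LOG = """\
17:46:31 TLS Alert read:fatal:certificate expired
17:46:31 TLS_accept:failed in SSLv3 read client certificate A
17:46:31 rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
17:46:31 Login incorrect: [test] (from client 680mhz port 0 cli 00-15-6D-B5-22-7F)
"""

ALERT_RE = re.compile(r"^(\d{1,2}:\d{2}:\d{2}) TLS Alert (read|write):(\w+):(.+)$")
LOGIN_RE = re.compile(
    r"^(\d{1,2}:\d{2}:\d{2}) Login incorrect: \[([^\]]*)\] "
    r"\(from client (\S+) port \d+ cli ([0-9A-Fa-f-]+)\)"
)

# The TLS "certificate expired" alert covers both an expired certificate and
# one that is not yet valid, so a clock reset to an old default date triggers it.
CLOCK_SENSITIVE = {"certificate expired"}


def triage(log_text):
    """Pair each failed login with the TLS alert that preceded it."""
    findings, last_alert = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ALERT_RE.match(line)
        if m:
            _, direction, level, desc = m.groups()
            last_alert = (direction, level, desc.strip())
            continue
        m = LOGIN_RE.match(line)
        if m and last_alert:
            ts, user, nas, station = m.groups()
            direction, level, desc = last_alert
            # read  = alert received by the server, sent by the supplicant
            # write = alert sent by the server, which rejected the client side
            rejected_by = "supplicant" if direction == "read" else "server"
            findings.append({
                "time": ts, "user": user, "nas": nas, "station": station,
                "alert": desc, "level": level, "rejected_by": rejected_by,
                "check_clock_on": rejected_by if desc in CLOCK_SENSITIVE else None,
            })
            last_alert = None
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```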
