Author Topic: [SOLVED] Radius + Windows 7 = Need Certificate Authority  (Read 16738 times)

G2

[SOLVED] Radius + Windows 7 = Need Certificate Authority
« on: October 16, 2012, 05:22:43 pm »
Good afternoon!

I'm trying to set up a wireless AP with RADIUS (FreeRADIUS) on Zentyal and I can't get it to work.
Please see if someone can help me:

Environment:

Wifi AP: TP-Link TL-WA901
IP: 192.168.1.254

Server: Zentyal 3.0
IP: 192.168.1.100

When I run the test with radtest, the server responds OK:
# radtest "guy" "password" localhost 1812 testing123
Sending Access-Request of id 231 to 127.0.0.1 port 1812
    User-Name = "guy"
    User-Password = "password"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id = 231, length = 20

And the log also shows OK:
Wed Oct 3 12:39:15 2012: Auth: Login OK: [guy] (from client 127.0.0.1/32 port 1812)

When I run the test from the notebook, the following error appears:

Wed Oct 3 12:33:20 2012: Error: TLS Alert read: fatal: unknown CA
Wed Oct 3 12:33:20 2012: Error: TLS_accept: failed in SSLv3 read client certificate A
Wed Oct 3 12:33:20 2012: Error: rlm_eap: SSL error error: 14094418: SSL routines: SSL3_READ_BYTES: TLSv1 alert unknown ca
Wed Oct 3 12:33:20 2012: Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
Wed Oct 3 12:33:20 2012: Auth: Login incorrect (TLS Alert read: fatal: unknown CA): [guy] (from client 192.168.1.254/32 port 0 cli 48-5D-60-B4-F7-68 )

Has anyone who has already set up RADIUS in Zentyal gone through something similar?

Do I need a "Certificate Authority"? Is it possible to make it work without one?

Thank you.


--------------------------------------

Resolved ...

If using certificate:
- http://www.eduroam.ie/userdocs/win7-securew2-ttls.php

If you do not use certificate:
http://www.iar.unicamp.br/suporte/install_w2.php
http://www.iar.unicamp.br/suporte/config_eap_ttls_vista.php

Thank you for your help.
« Last Edit: October 17, 2012, 04:52:13 pm by G2 »

jsalamero

  • Zentyal Staff
Re: Radius + Windows 7 = Need Certificate Authority
« Reply #1 on: October 16, 2012, 07:36:12 pm »
Is your Windows client configured to use TTLS PAP?

Floaty

Re: Radius + Windows 7 = Need Certificate Authority
« Reply #2 on: October 17, 2012, 12:55:54 am »
Sadly Windows 7 does not support eap-ttls out of the box. Maybe you can find some 3rd party software to add eap-ttls.
Rumors say that Windows 8 has support for eap-ttls but I did not test it.
http://social.technet.microsoft.com/Forums/zh/winserversecurity/thread/afb2f748-20f2-4867-90bd-60f8ee870978

G2

Re: Radius + Windows 7 = Need Certificate Authority
« Reply #3 on: October 17, 2012, 04:50:34 pm »
Solved ...  ;D ;D

With your hints I managed to solve the problem.

Using SecureW2 I set up Win7 to connect with TTLS + PAP and it worked great.

Here are the links that helped with the setup.

If using certificate:
- http://www.eduroam.ie/userdocs/win7-securew2-ttls.php

If you do not use certificate:
http://www.iar.unicamp.br/suporte/install_w2.php
http://www.iar.unicamp.br/suporte/config_eap_ttls_vista.php

Thanks for your help.
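
Added example, not written by any poster in this thread: a small Python triage of radius.log lines in the format quoted in the first post, reporting per station which side raised the TLS alert. It assumes "TLS Alert read" marks an alert received from the supplicant (the client did not trust the CA behind the server certificate) and "write" one sent by the server; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: log lines in the format quoted in the first post of this thread.
SAMPLE_LOG = """\
Wed Oct 3 12:33:20 2012: Error: TLS Alert read: fatal: unknown CA
Wed Oct 3 12:33:20 2012: Error: TLS_accept: failed in SSLv3 read client certificate A
Wed Oct 3 12:33:20 2012: Auth: Login incorrect (TLS Alert read: fatal: unknown CA): [guy] (from client 192.168.1.254/32 port 0 cli 48-5D-60-B4-F7-68 )
Wed Oct 3 12:39:15 2012: Auth: Login OK: [guy] (from client 127.0.0.1/32 port 1812)
"""

# One "Auth:" line: timestamp, result, optional reason, user, NAS, port, station MAC.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}): Auth: "
    r"(?P<result>Login OK|Login incorrect)"
    r"(?: \((?P<reason>.*?)\))?: "
    r"\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+)(?: cli (?P<cli>\S+))?\s*\)"
)
ALERT_RE = re.compile(r"TLS Alert (?P<dir>read|write): (?P<level>\w+): (?P<desc>.+)")


def triage(log_text):
    """Return one dict per Auth line, with the TLS alert direction decoded."""
    events = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # Error: lines are skipped; the Auth line repeats the reason
        ev = m.groupdict()
        ev["ok"] = ev.pop("result") == "Login OK"
        alert = ALERT_RE.search(ev["reason"] or "")
        # Assumption: "read" = alert received from the supplicant,
        # "write" = alert sent by the RADIUS server.
        ev["alert_from"] = {"read": "client", "write": "server"}.get(alert and alert["dir"])
        ev["alert"] = alert["desc"] if alert else None
        events.append(ev)
    return events


def failures_by_station(events):
    """Count failed logins per (NAS, station MAC, alert sender, alert text)."""
    return Counter((e["nas"], e["cli"], e["alert_from"], e["alert"])
                   for e in events if not e["ok"])


if __name__ == "__main__":
    for key, count in failures_by_station(triage(SAMPLE_LOG)).items():
        print(count, key)
```
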