Author Topic: FreeRadius2 EAP-TLS  (Read 81 times)

jeffh
FreeRadius2 EAP-TLS
« on: July 22, 2015, 03:19:33 pm »
I am working on getting FreeRadius set up for WPA2 Enterprise. I have followed the instructions here (https://doc.pfsense.org/index.php/Using_EAP_and_PEAP_with_FreeRADIUS) and have PEAP working; now I am trying to get EAP-TLS working.

I am pushing my certs to an iPhone via Apple Configurator (when I specify PEAP it works fine). When I specify EAP-TLS and give it the proper certs it does not work.

In the FreeRadius EAP settings I have "Choose Cert Manager" checked, which should use the Firewall Cert Manager (this is where I have created all my certs), and I have selected the proper certs.

When I look at the eap.conf file it looks to me like it is not using the pfSense Cert Manager and the certs I have created and instead is using the FreeRadius certs.

Does anyone know how to get EAP-TLS to use the pfSense certificate manager?

An excerpt from eap.conf:

    certdir = ${confdir}/certs
    cadir = ${confdir}/certs
    private_key_password = whatever
    private_key_file = ${certdir}/server_key.pem
    certificate_file = ${certdir}/server_cert.pem
    CA_file = ${cadir}/ca_cert.pem
    dh_file = ${certdir}/dh
    random_file = ${certdir}/random
    fragment_size = 1024
    include_length = yes
    check_crl = no
    CA_path = ${cadir}

and from radiusd.conf: confdir = ${raddbdir}

jeffh
Re: FreeRadius2 EAP-TLS
« Reply #1 on: July 22, 2015, 03:40:13 pm »
Looking more closely, it looks like it did copy my certs into this directory, but didn't remove "private_key_password = whatever" from the eap.conf.

I have tried manually commenting that out and will test.
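
Added example, not part of the thread: a shell sketch that expands the `${confdir}`/`${certdir}` references from the excerpts above to the concrete files FreeRADIUS will load, and checks whether the key file is passphrase-protected, which is the case `private_key_password` exists for. The function names, the sample files and the `/path/to/raddb` value are assumptions; the page does not give `raddbdir`.

```shell
#!/bin/sh
# Added example; file contents below are constructed from the excerpts in the post.

# resolve_eap_setting NAME RADDBDIR FILE...
# Print the value of NAME with ${var} references expanded across the given files.
resolve_eap_setting() {
    want=$1; raddbdir=$2; shift 2
    awk -v want="$want" -v raddbdir="$raddbdir" '
        /^[ \t]*#/ || !/=/ { next }            # skip comments and non-assignments
        {
            eq = index($0, "=")
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            vars[name] = val
        }
        END {
            vars["raddbdir"] = raddbdir        # assumption: supplied by the caller
            if (!(want in vars)) exit 1
            out = vars[want]
            # Expand one reference per pass; the bound stops self-referencing loops.
            for (i = 0; i < 10 && match(out, /[$][{][A-Za-z_]+[}]/); i++) {
                ref = substr(out, RSTART + 2, RLENGTH - 3)
                out = substr(out, 1, RSTART - 1) vars[ref] substr(out, RSTART + RLENGTH)
            }
            print out
        }' "$@"
}

# key_is_encrypted FILE: succeed if the PEM key carries an ENCRYPTED marker.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Constructed sample files (not a real key).
demo_dir=$(mktemp -d)
printf 'confdir = ${raddbdir}\n' > "$demo_dir/radiusd.conf"
cat > "$demo_dir/eap.conf" <<'EOF'
    certdir = ${confdir}/certs
    private_key_password = whatever
    private_key_file = ${certdir}/server_key.pem
    certificate_file = ${certdir}/server_cert.pem
EOF
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' > "$demo_dir/server_key.pem"

RADDB=/path/to/raddb   # placeholder: the page does not give raddbdir
for s in private_key_file certificate_file; do
    echo "$s -> $(resolve_eap_setting "$s" "$RADDB" "$demo_dir/radiusd.conf" "$demo_dir/eap.conf")"
done
key_is_encrypted "$demo_dir/server_key.pem" && echo "key is passphrase-protected" \
    || echo "key is not passphrase-protected"
```

Pointed at the real radiusd.conf and eap.conf, the resolved paths can then be compared against the certificates exported from the Cert Manager.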