| switchflux |
02-12-2006 02:14 PM |
problems with root certificate in xsupplicant for 802.1x authentication
I have Debian 'sarge' installed on my dell 8100 laptop, and i am connecting to my university internet LAN through 802.1x authentication, and using Xsupplicant as client.
The installation of Xsupplicant went fine, and I got the xsupplicant.conf file from the university. The problem is that it never authenticates.
Here is the output to the xsupplicant.log:
Quote:
Interface initalized!
No configuration information for network "(null)" found. Using default.
Connection established, authenticating...
Failed to initalize path to root certificate!
OpenSSL Error -- error:02001002:system library:fopen:No such file or directory
Couldn't load root certificates!
OpenSSL Error -- error:2006D080:BIO routines:BIO_new_file:no such file
Couldn't create SSL object!
OpenSSL Error -- error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
The SSL handle is invalid in tls_funcs_decode_packet()!"
|
Here's my xsupplicant.conf
Quote:
# This is an example configuration file for xsupplicant versions after 0.8b.
### GLOBAL SECTION
network_list = all
default_netname = default
startup_command = <BEGIN_COMMAND>ifconfig eth0 allmulti 0.0.0.0 up<END_COMMAND>
first_auth_command = <BEGIN_COMMAND>dhcpcd -n<END_COMMAND>
reauth_command = <BEGIN_COMMAND>dhcpcd -n<END_COMMAND>
logfile = /var/log/xsupplicant.log
deny_interfaces = lo
### NETWORK SECTION
default
{
type = wired
allow_types = all
identity = <BEGIN_ID>myemail@myuniversity<END_ID>
eap-peap {
root_cert = /etc/1x/cert/demoCA/cacert.pem
root_dir = /etc/1x/cert/demoCA
chunk_size = 1398
random_file = /etc/1x/cert/random
session_resume = yes
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
eap-mschapv2 {
username = <BEGIN_UNAME>myemail@myuniversity<END_UNAME>
password = <BEGIN_PASS>mypassword<END_PASS>
}
}
}
|
I guess the problem is something in openssl and not in xsupplicant. The path to the root certificate did not exist when I checked it out, so I made it and placed a file called cacert.pem containing some kind of certificate-code that my university supplied me.
I've started to read about openssl, but I am quite new to linux, and it will take me some time to find the relevant information and put it in context. Could anyone put some good words on this problem, or is there a fairly easy solution I can apply directly? (like f.eks. validize the path to the certificate with openssl in advance, or create the file containing the certificate through some commands in openssl, and then let the path point to that directory?)
Thanx for taking the time to read this!
/fluX |
