LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices


Reply
  Search this Thread
Old 02-12-2006, 03:14 PM   #1
switchflux
LQ Newbie
 
Registered: Oct 2005
Location: Tromsų, Norway
Posts: 3

Rep: Reputation: 0
problems with root certificate in xsupplicant for 802.1x authentication


I have Debian 'sarge' installed on my dell 8100 laptop, and i am connecting to my university internet LAN through 802.1x authentication, and using Xsupplicant as client.

The installation of Xsupplicant went fine, and I got the xsupplicant.conf file from the university. The problem is that it never authenticates.

Here is the output to the xsupplicant.log:


Quote:
Interface initalized!
No configuration information for network "(null)" found. Using default.
Connection established, authenticating...
Failed to initalize path to root certificate!
OpenSSL Error -- error:02001002:system library:fopen:No such file or directory
Couldn't load root certificates!
OpenSSL Error -- error:2006D080:BIO routines:BIO_new_file:no such file
Couldn't create SSL object!
OpenSSL Error -- error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
The SSL handle is invalid in tls_funcs_decode_packet()!"
Here's my xsupplicant.conf

Quote:
# This is an example configuration file for xsupplicant versions after 0.8b.

### GLOBAL SECTION

network_list = all
default_netname = default

startup_command = <BEGIN_COMMAND>ifconfig eth0 allmulti 0.0.0.0 up<END_COMMAND>
first_auth_command = <BEGIN_COMMAND>dhcpcd -n<END_COMMAND>
reauth_command = <BEGIN_COMMAND>dhcpcd -n<END_COMMAND>

logfile = /var/log/xsupplicant.log

deny_interfaces = lo

### NETWORK SECTION

default
{

type = wired
allow_types = all
identity = <BEGIN_ID>myemail@myuniversity<END_ID>

eap-peap {
root_cert = /etc/1x/cert/demoCA/cacert.pem
root_dir = /etc/1x/cert/demoCA
chunk_size = 1398
random_file = /etc/1x/cert/random
session_resume = yes
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM

eap-mschapv2 {
username = <BEGIN_UNAME>myemail@myuniversity<END_UNAME>
password = <BEGIN_PASS>mypassword<END_PASS>
}
}
}
I guess the problem is something in openssl and not in xsupplicant. The path to the root certificate did not exist when I checked it out, so I made it and placed a file called cacert.pem containing some kind of certificate-code that my university supplied me.

I've started to read about openssl, but I am quite new to linux, and it will take me some time to find the relevant information and put it in context. Could anyone put some good words on this problem, or is there a fairly easy solution I can apply directly? (like f.eks. validize the path to the certificate with openssl in advance, or create the file containing the certificate through some commands in openssl, and then let the path point to that directory?)

Thanx for taking the time to read this!

/fluX
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
What distribution has XSupplicant integrated for 802.1x authorization? switchflux Linux - Distributions 1 01-20-2006 01:42 PM
Initial Association for 802.1X Authentication andrewb758 Linux - Wireless Networking 14 03-04-2005 01:12 AM
802.1x authentication over LAN Ben Novack Linux - Wireless Networking 0 02-11-2004 12:18 AM
Problems to enable 802.11g instead of 802.11b on WMP54g ronannormandie Linux - Wireless Networking 0 01-14-2004 03:59 PM
certificate authentication for ssh cuss Linux - Security 1 12-16-2002 10:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking

All times are GMT -5. The time now is 08:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration