Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-20 Thread A . L . M . Buxey
Hi, > To make sure I'm on the same page with you, I'm guessing by "supplicant" >you mean the wireless client (in this case a Windows 7 laptop)? There's no >configuration that pops up immediately on that one. I tell it to connect >to the network and it pops up a username / passwor

Re: [RADIATOR] SIP2 + Fortigate setup

2014-02-20 Thread Sami Keski-Kasari
Hello Chad, In standard Radius protocol shared secret is used to encrypt User-Password field. Radiator will automatically decrypt User-Password with shared secret. I think that you should first check that you have same shared secret both in your client clause and in fortigate. If there is some p

Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-20 Thread Sami Keski-Kasari
Hello Jeff, Most probably you have incorrect password in your ChromeOS configuration. It seems that if you can't successfully authenticate, save identity and password selection doesn't save your password. It will show stars in the password field but it still tries to authenticate with empty passw

Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-20 Thread Jeffrey Smith
Thanks for all the help so far, I did get ChromeOS connected. I tried loading the full chain of CAs for the RapidSSl cert, from Geotrust on down, into the CA file on the RADIUS server and that didn't change the behavior for windows. Then, I loaded the RapidSSL cert onto the windows 7 laptop that

Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-20 Thread Garry Shtern
Try adding the entire chain to the server cert that Radiator presents. Make sure to list certificates in proper order - server, intermediate, root. Sent with Good (www.good.com) -Original Message- From: Jeffrey Smith [d...@neonova.net] Sent: Thursday, February

Re: [RADIATOR] EAP TLS issues "routines:SSL3_READ_BYTES:tlsv1 alert access denied"

2014-02-20 Thread Jeffrey Smith
Garry, Even combining them all in order into a single .pem on the RADIUS server I get the following RADIUS debugs when connecting the windows laptop: Thu Feb 20 08:36:31 2014: DEBUG: Handling request with Handler 'NAS-Port-Type = Wireless-IEEE-802-11', Identifier '' Thu Feb 20 08:36:31 2014: DE

Re: [RADIATOR] SIP2 + Fortigate setup

2014-02-20 Thread Chad Roseburg
You were correct, I did not set up the client stanzas correctly. I got rid of all client stanzas but the DEFAULT and used the secret with the fortigate SUCCESS! Thank you! Here is what I had: Secret different_secret DupInterval 0 Secret radius_secret DupInt

Re: [RADIATOR] SIP2 + Fortigate setup

2014-02-20 Thread Chad Roseburg
That is correct. I had an additional stanza for a router ...when I commented out all but the DEFAULT and used the DEFAULT secret, it worked. Thanks! Chad On Thu, Feb 20, 2014 at 4:45 AM, Sami Keski-Kasari wrote: > Hello Chad, > > In standard Radius protocol shared secret is used to encrypt > U