I'm setting up a RADIUS server using FreeRADIUS and a self-signed certificate. I tested it using eapol_test and successfully logged in. But when I try to add a PC running Ubuntu 22.04 LTS to the network, it fails to pass EAP-TLS authentication. If I set the auth-type of the Ubuntu supplicant to PEAP or TTLS, it works as expected.

I dug into the `radiusd -X` logs and found that the Ubuntu supplicant never sent out the client certificate. FreeRADIUS responds with Access-Challenge several times, but the Ubuntu supplicant just stops after step (3), while eapol_test keeps responding to Access-Challenge and successfully logs in at step (6).

I have no idea what's going on. I'm not even sure whether the problem is with Ubuntu or FreeRADIUS. Can anyone help me figure out what exactly is going on?

Attachments:

  1. FreeRADIUS log for Ubuntu login: https://pastebin.com/80ApMUeN
  2. FreeRADIUS log for eapol_test: https://pastebin.com/yfFKaL1H

1 Answer

Found the cause of the problem myself: the VigorSwitch G2100 L2 switch. I replaced it with another L2 switch from another vendor, and the EAP-TLS supplicant works as expected.

The vendor lists 802.1X support in its spec, but their customer support admitted to me that they've never tested EAP-TLS.
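
The symptom described in the question, a conversation that ends on an Access-Challenge with no further Access-Request, can be picked out of `radiusd -X` output mechanically. The following is an added example, not part of the original posts; it assumes the FreeRADIUS 3.x debug line format, and the sample log lines, addresses and station IDs are constructed.

```python
import re
from collections import defaultdict

# Assumed FreeRADIUS 3.x debug format: "(N) Received Access-Request Id ..." etc.
PKT = re.compile(r"^\((\d+)\)\s+(Received|Sent) (Access-\w+) Id \d+")
ATTR = re.compile(r'^\((\d+)\)\s+Calling-Station-Id = "([^"]+)"')

def summarize(log_text):
    """Group packets by Calling-Station-Id and flag exchanges that end on a challenge."""
    station_of = {}  # request number -> Calling-Station-Id
    events = []      # (request number, packet type) in log order
    for line in log_text.splitlines():
        if m := ATTR.match(line):
            station_of.setdefault(int(m.group(1)), m.group(2))
        elif m := PKT.match(line):
            events.append((int(m.group(1)), m.group(3)))
    convs = defaultdict(list)
    for req, ptype in events:
        convs[station_of.get(req, "unknown")].append((req, ptype))
    report = {}
    for station, pkts in convs.items():
        last_req, last_type = pkts[-1]
        report[station] = {
            "requests": sum(1 for _, t in pkts if t == "Access-Request"),
            "last_request": last_req,
            "last_packet": last_type,
            # On a finished capture, ending on a challenge means the supplicant
            # (or something between it and the server) stopped answering.
            "stalled": last_type == "Access-Challenge",
        }
    return report

def sample(station, n_challenges, accept):
    """Build a constructed log: n_challenges round trips, optionally a final accept."""
    lines = []
    for i in range(n_challenges + (1 if accept else 0)):
        reply = "Access-Accept" if accept and i == n_challenges else "Access-Challenge"
        lines += [
            f"({i}) Received Access-Request Id {i} from 192.0.2.10:49152 to 192.0.2.1:1812 length 200",
            f'({i})   Calling-Station-Id = "{station}"',
            f"({i}) Sent {reply} Id {i} from 192.0.2.1:1812 to 192.0.2.10:49152 length 0",
        ]
    return "\n".join(lines)

if __name__ == "__main__":
    for name, log in [("stalled", sample("AA-BB-CC-00-00-01", 4, False)),
                      ("completed", sample("02-00-00-00-00-01", 6, True))]:
        print(name, summarize(log))
```

Run it on a saved debug log by passing the file contents to `summarize()`; a conversation still in progress at the end of a capture will also show as stalled.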