WPA, EAP-TLS on FreeRADIUS no auth possible

Jouni Malinen j
Thu Aug 16 19:29:54 PDT 2007

On Thu, Aug 16, 2007 at 03:37:54PM +0200, Alexandros Gougousoudis wrote:

> indicating an eap error, aftern increasing the debug level I get this as 
> a possible purpose:
> rlm_eap: NAK asked for bad type 0
>    rlm_eap: Failed in EAP select

Your debug log from wpa_supplicant does not seem to show a run that
would trigger this failure, but anyway, it looks like the issue is in
use of incorrect wpa_supplicant configuration for EAP-TLS:

>          eap=TLS
>          identity="scit-acer"
>          ca_cert="/etc/cert/ServiceCenter-IT_KHB_HfM_HfS-cacert.pem"
>          client_cert="/etc/cert/scit-acer-cert.pem"
> #       private_key="/etc/cert/scit-acer-key-mp.pem"
> #       private_key_passwd="xxxxx"

EAP-TLS uses client certificate and private key. You have only
configured the certificate. private_key will also need to be configured
to allow EAP-TLS to be used to authenticate the user.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list