hostapd + freeradius: unknown ca error

Svein Olav Bjerkeset svein.olav
Sun Jan 12 07:37:36 PST 2014



I am trying to set up hostapd with freeradius to be able to authenticate
wifi-users against a kerberos-repository. The radius/kerberos integration
seems to work since radtest succeeds using a kerberos-user.


However when hostapd contacts the radius server, it uses EAP-TLS, and after
some traffic back and forth, hostapd sends a fatal error back to the radius
server stating that the CA is unknown. I have tried to use the ca_cert
option in hostapd.conf and point it to the radius CA, but it did not resolve
the problem. I suspect this option is only used for the internal EAP server
of hostapd (which I do not use).


An strace of open and stat system calls for the hostpad process seems to
show that it does not try to open any file which are SSL-releated.


How can I tell hostapd which CAs to trust when using an external radius


Best reagrds,

Svein Olav Bjerkeset

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Hostap mailing list