radius wpa eap ttls mschapv2
September 29, 2008 at 5:05 pm #41205
calman
Member
Hi, I’m trying to configure ZeroShell RADIUS, a Mikrotik AP and a Ubiquiti Nano 5 in client mode, WPA2/EAP-TTLS MSCHAPv2. I revised the settings and they seem fine, but when trying to connect the RADIUS log is as follows:
7:46:31 TLS Alert read:fatal:certificate expired
17:46:31 TLS_accept:failed in SSLv3 read client certificate A
17:46:31 rlm_eap: SSL error error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
17:46:31 rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
17:46:31 Login incorrect: [test] (from client 680mhz port 0 cli 00-15-6D-B5-22-7F)
17:46:31 TLS Alert read:fatal:certificate expired
17:46:31 TLS_accept:failed in SSLv3 read client certificate A
17:46:31 rlm_eap: SSL error error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired
17:46:31 rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
17:46:31 Login incorrect: [test] (from client 680mhz port 0 cli 00-15-6D-B5-22-7F)
test is a user created in the ZeroShell LDAP.
Is it possible to configure ZeroShell RADIUS to only accept MSCHAPv2?
Thanks
Calman

September 30, 2008 at 9:34 pm #46955
imported_fulvio
Participant
You can use EAP-TTLS with PAP, PEAP with MS-ChapV2 and EAP-TLS (only X509 certificate without username and password).
Regards
Fulvio

December 27, 2008 at 3:06 pm #46956
calman
Member
I resolved the problem!
The NanoStation clock, when reset or after a power loss, gets a default date, and then the RADIUS log shows “certificate expired”.
Is it possible to modify the Kerberos policy? Change it up to 1 year certificate expiry?

December 27, 2008 at 3:16 pm #46957
imported_fulvio
Participant
The certificate validity time does not depend on Kerberos policies. It is instead configurable in [X.509 CA][Setup][CA Default Parameters][Certificate Validity (days)].
Regards
Fulvio

December 27, 2008 at 3:38 pm #46958
calman
Member
I tried to change these options and there’s the same problem. I tried to change the NanoStation date and I found it connects correctly within +-5 minutes of ZeroShell time.
thanks
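
A log triage for the failure discussed in this thread, as an added example that is not part of the original posts or of ZeroShell: it pairs each `TLS Alert` line with the following `Login incorrect` line and reports which side raised the alert. The function name `triage` and the sample input are constructed for illustration; the line formats are the ones quoted in the first post.

```python
import re

# Constructed sample, in the shape of the log lines quoted in the first post.
SAMPLE_LOG = """\
17:46:31 TLS Alert read:fatal:certificate expired
17:46:31 TLS_accept:failed in SSLv3 read client certificate A
17:46:31 rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
17:46:31 Login incorrect: [test] (from client 680mhz port 0 cli 00-15-6D-B5-22-7F)
"""

ALERT = re.compile(r"TLS Alert (read|write):(\w+):(.+)$")
LOGIN = re.compile(
    r"Login incorrect: \[([^\]]*)\] \(from client (\S+) port \d+ cli ([0-9A-Fa-f-]+)\)"
)

def triage(log_text):
    """Attach each TLS alert to the next 'Login incorrect' line and name the side that raised it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if m:
            pending = (m.group(1), m.group(2), m.group(3).strip())
            continue
        m = LOGIN.search(line)
        if m and pending:
            direction, level, reason = pending
            # "read": the RADIUS server received the alert, so the supplicant
            # rejected the server's certificate. "write": the server sent it.
            raised_by = "client" if direction == "read" else "server"
            hint = ""
            if raised_by == "client" and reason == "certificate expired":
                # The cause found in this thread: the station's clock had reset.
                hint = "compare the client's clock with the server certificate validity dates"
            findings.append({
                "user": m.group(1), "nas": m.group(2), "mac": m.group(3),
                "raised_by": raised_by, "level": level, "reason": reason, "hint": hint,
            })
            pending = None
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```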