
geteduroam - Re: Question regarding setting up Letswifi CA and EAP-TLS setting at FR3

Subject: An open discussion list for topics related to the geteduroam service

  • From: Muhammad Farhan SJAUGI <farhan AT sifulan.my>
  • To: geteduroam AT lists.geant.org
  • Subject: Re: Question regarding setting up Letswifi CA and EAP-TLS setting at FR3
  • Date: Mon, 22 Nov 2021 15:35:49 +0800

Hi,

OK, I managed to solve problem no. 2. Apparently, the ServerID attributes inside the profile didn't match the actual server hostname, as a "radius." string was added.

So, I have to edit the server name by hand in the database (or is there any better way?) to make it correct. After this change, I was able to log in using the credential generated by letswifi ca.

However, any idea how I can solve the first problem?

Regards
--
Ts. Muhammad Farhan SJAUGI, S.Kom. M.Sc.
SIFULAN Malaysian Access Federation
Email: farhan AT sifulan.my
Homepage: https://sifulan.my
  


On Sun, 21 Nov 2021 at 17:11, Muhammad Farhan SJAUGI <farhan AT sifulan.my> wrote:
Hi,

We are setting up a letswifi ca portal for our federation members. So far everything went well as we are able to register a new realm and get the profile (however we need to add ?realm=<realm name> manually to download the profile).

However, when we tested the account, we got the following error message at FreeRADIUS 3 (FR3), even though we had added the realm's letswifi ca cert to the trusted CA list:

(33) eap_tls: ERROR: TLS_accept: Failed in SSLv3 read client certificate A
(33) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
(33) eap_tls: ERROR: System call (I/O) error (-1)
(33) eap_tls: ERROR: TLS receive handshake failed during operation
(33) eap_tls: ERROR: [eaptls process] = fail
(33) eap: ERROR: Failed continuing EAP TLS (13) session.  EAP sub-module failed

My questions are:

1. Is there any way to let the user download the profile without having to manually add ?realm=<realm name> to the URL in the browser?
2. Any idea what the problem is with our FR3 EAP-TLS configuration? FYI, our FR3 uses letsencrypt cert.

Regards

--
Ts. Muhammad Farhan SJAUGI, S.Kom. M.Sc.
SIFULAN Malaysian Access Federation
Email: farhan AT sifulan.my
Homepage: https://sifulan.my
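
A check for the ServerID mismatch described in the thread above, as an added example that is not part of the original messages or of the letswifi code: it lists the ServerID values in an eap-config profile and flags any that are not among the DNS names on the RADIUS server certificate. The sample profile, the hostnames, the function names and the exact-match comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (not from the thread), trimmed to the fields used here.
SAMPLE_PROFILE = """<EAPIdentityProviderList>
  <EAPIdentityProvider ID="example.org" namespace="urn:RFC4282:realm">
    <AuthenticationMethods>
      <AuthenticationMethod>
        <EAPMethod><Type>13</Type></EAPMethod>
        <ServerSideCredential>
          <ServerID>radius.idp.example.org</ServerID>
        </ServerSideCredential>
      </AuthenticationMethod>
    </AuthenticationMethods>
  </EAPIdentityProvider>
</EAPIdentityProviderList>
"""

def _norm(name):
    """Normalise a hostname for comparison: trim, lower-case, drop trailing dot."""
    return name.strip().lower().rstrip(".")

def profile_server_ids(profile_xml):
    """Return every ServerID value found in an eap-config profile."""
    root = ET.fromstring(profile_xml)
    ids = []
    for elem in root.iter():
        # Compare on the local name so a namespaced profile is handled too.
        if elem.tag.rsplit("}", 1)[-1] == "ServerID" and elem.text:
            ids.append(_norm(elem.text))
    return ids

def mismatches(profile_xml, cert_dns_names):
    """ServerID values that no DNS name on the server certificate satisfies.

    cert_dns_names: dNSName entries read from the RADIUS server certificate.
    Assumption: the client compares names exactly (no wildcard or suffix match).
    """
    cert_names = {_norm(n) for n in cert_dns_names}
    return sorted(s for s in profile_server_ids(profile_xml) if s not in cert_names)

if __name__ == "__main__":
    # Constructed case mirroring the thread: the profile carries an extra
    # "radius." label that the server certificate does not have.
    print(mismatches(SAMPLE_PROFILE, ["idp.example.org"]))
```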
  


