Closed vpatil131 closed 4 years ago
Hello,
I followed your guide to the T but I'm getting EAP authentication due to "unknown CA" error.
# date
Asus RT-68U Asuswrt-Merlin v384.19
Any idea what could be wrong?
# /opt/usr/sbin/wpa_supplicant -dd -Dwired -ieth0 -c/jffs/EAP/wpa_supplicant.conf Successfully initialized wpa_supplicant eth0: Associated with 01:80:c2:00:00:03 WMM AC: Missing IEs eth0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 eth0: CTRL-EVENT-EAP-STARTED EAP authentication started eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected eth0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='C=US, ST=Michigan, L=Southfield, O=ATT Services Inc, OU=OCATS, CN=aut02pltnca.pltnca.sbcglobal.net' hash=a1de433f731a03447a3187ffd3XXXXXX eth0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='C=US, O=ATT Services Inc, CN=ATT Services Inc Enhanced Services CA' hash=e16e03391e5ef5dfe251d826c4644840725XXXXXXXXXX eth0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='C=US, ST=Michigan, L=Southfield, O=ATT Services Inc, OU=OCATS, CN=aut02pltnca.pltnca.sbcglobal.net' err='unknown CA' eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
My wpa config file:
# Generated by 802.1x Credential Extraction Tool # Copyright (c) 2018-2019 devicelocksmith.com # Version: 1.04 linux amd64 # # Change file names to absolute paths # Generated by 802.1x Credential Extraction Tool # Copyright (c) 2018-2019 devicelocksmith.com # Version: 1.04 linux amd64 # # Change file names to absolute paths eapol_version=1 ap_scan=0 fast_reauth=1 network={ ca_cert="/jffs/EAP/CA_001E46-R91VJXXXXXX.pem" client_cert="/jffs/EAP/Client_001E46-R91VJXXXXXX.pem" eap=TLS eapol_flags=0 identity="20:F3:75:XX:XX:XX" # Internet (ONT) interface MAC address must match this value key_mgmt=IEEE8021X phase1="allow_canned_success=1" private_key="/jffs/EAP/PrivateKey_PKCS1_001E46-R91VJXXXXXX.pem" } # WARNING! Missing AAA server root CA! Add AAA server root CA to CA_001E46-R91VJXXXXXX.pem
Figured it out. # WARNING! Missing AAA server root CA! Add AAA server root CA to CA_001E46-R91VJXXXXXX.pem was the clue. I fixed the issue with certificates while decoding mfg and it worked.
# WARNING! Missing AAA server root CA! Add AAA server root CA to CA_001E46-R91VJXXXXXX.pem
mfg
Hello,
I followed your guide to the T but I'm getting EAP authentication due to "unknown CA" error.
# date
was current.Hardware
Asus RT-68U Asuswrt-Merlin v384.19
Any idea what could be wrong?
Error log
My wpa config file: