47 members have voted
Ironically enough -- since the article I was referencing for my FreeRADIUS / EAP-TLS / WiFi setup was written in Linux Journal magazine -- I've had some difficulty getting my linux laptop connected to the AP. With WPA-PSK (i.e. WPA with a password), it worked fine with the madwifi drivers and the wpa_supplicant program. However, trying to tweak wpa_supplicant to work with the EAP-TLS settings has been... challenging... frustrating... annoying. The magic seems to happen in the wpa_supplicant.conf file, and I'm struggling to figure out where it's not right.
The cool thing, that I just discovered, is that there is an interactive interface to the wpa_supplicant app called wpa_cli. Running this program allows you to see the responses coming from the AP and issue commands. Using this interface, I was able to see the identity request, and found this magic command was what I needed:
identity l33t /etc/ssl/certs/cert_19delta.pem
That is, set my identity for the AP named 'l33t' to the specified certificate. A few seconds later, I received an "identity accepted" message. I then had to run dhclient for my DHCP address, and got it.
So... I am now connected (and doing this blog entry with that very laptop), but not automatically. This tells me that my certificates and such can do what they need to, but something somewhere is not quite jiving.
More to come when I figure it all out. I will post full config files for each portion of the process when everything is working as it should. (If for no other reason than so I don't forget when I go to do this again sometime.)
So stay tuned.