[CentOS] WPA Radius wireless authentication and CentOS 5

Fri Apr 20 02:23:36 UTC 2007
David G. Miller <dave at davenjudy.org>

I previously had WPA radius authentication working from my laptop to my 
home network with the laptop running Fedora Core 6 and the server 
running freeRadius under CentOS 4.4 (freeradius-1.0.1-3.RHEL4.3).  I'm 
attempting to move my FC 6 boxes to CentOS 5 so I decided to pick on the 
laptop first.  Unfortunately, I neglected to backup /etc before doing 
the CentOS 5 install (bad Dave, bad Dave) so I don't have my previously 
working configuration for reference.

I attempted to follow the instructions at:

http://www.linuxjournal.com/article/8017
http://www.linuxjournal.com/article/8095
http://www.linuxjournal.com/article/8151

that I had previously used to get the laptop authenticating with FC6.  
All I can ever get the radius server to spew is:

...
(lots of normal looking stuff)
...
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: NAK asked for bad type 0
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [spindle/<no User-Password attribute>] (from client 
Wireless-client port 4 cli 00904bac8f67)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
...

As per the referenced articles, for the client I have cert.pem as the 
certificate file, key.pem as the key file, keycert.pem as the combined 
key and certificate file and ca.pem as the server certificate file.  
I've tried all the combinations of the certificate and key files I can 
think of through NetworkManager and the best I get is the above NAK.

Everything works with either an open AP (*REALLY* bad idea) or using WPA 
with a pre-shared key.  I'd like to get WPA radius working again.  Any 
suggestions (other articles to follow, a howto, how to get free radius 
to tell me what's wrong, whatever) would be appreciated.

Thanks,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce