Windows Client Authentification bevore Domain logon

Ben Walding ben.walding at gmail.com
Thu Aug 25 13:15:45 CEST 2005


I also found using machine certificates to be hit and miss (some
machines they'd be picked up, others they wouldn't - all XP SP2 with
appropriate patches).

And then I stumbled on this

http://lists.cistron.nl/pipermail/freeradius-users/2004-July/034141.html

1.3.6.1.4.1.311.17.2

After I started adding that OID to my machine certs, everything
started working wonderfully.

I shook my fist at Microsoft that day!

Cheers,

Ben
On 8/25/05, Steven Atkinson <atn at fallibroome.cheshire.sch.uk> wrote:
> Armin,
> 
> At 15:40 24/08/05, you wrote:
> 
> >Ok, the hole day i tried to get it to work but this time when i install
> >the certificate as a machine zertifikate the radius authentifikation log
> >ends up with this log below.
> >
> >The Certificates where generated with openssl and all works fine as User
> >certificates but not as computer zertificate. I set the Registry Patch
> >which was diescribed in the mailing list to a value of 2.
> 
> As Ben has suggested in another email, there are some required extensions
> to the certificates to enable Windows to authenticate. How did you make
> your certificates, I followed the instructions in
> http://www.linuxjournal.com/article/8095.
> 
> Steve Atkinson
> 
> 
> Fallibroome High School
> Priory Lane
> Macclesfield
> Cheshire
> SK10 4AF
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list