authenticate problem XP eap/tls

Ben Walding ben.walding at gmail.com
Mon Oct 10 02:18:49 CEST 2005


Make sure that you either don't validate the server certificate, or that if
you do, that the CA is selected.

The XP supplicant will just keep hammering at the server without accepting
the response if the CA / server checking doesn't pass.

The other thing to do is look at the RASTLS (and/or EAPOL) logs.

eg:

netsh ras set tracing rastls enabled

And then take a look at the files in c:\windows\tracing

Cheers,

Ben


On 10/10/05, Thuis Algemeen <thuis-algemeen at chello.nl> wrote:
>
> Thanks Allan,
>
> I used a file called xpextensions with both a client section and server a
> server section.
> The client certificate present on the laptop display's : Clientverificatie
> (1.3.6.1.5.5.7.3.2)
> The server certificate present on the server display's : Verificatie van
> de
> server (1.3.6.1.5.5.7.3.1)
>
> ----- Original Message -----
> From: "Alan DeKok" <aland at ox.org>
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org
> >
> Sent: Sunday, October 09, 2005 5:49 PM
> Subject: Re: authenticate problem XP eap/tls
>
>
> > "Thuis Algemeen" <thuis-algemeen at chello.nl> wrote:
> >> Here the log from freeradius, the onl error I can see is :
> >> "TLS_accept:error in SSLv3 read client certificate A".
> >
> > That error is in the middle of the authentication session, and
> > doesn't mean anything.
> >
> > Do the certificates you're using have the Windows OID?
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051010/11c016a1/attachment.html>


More information about the Freeradius-Users mailing list