EAP-TLS multi clients

K. Hoercher wbhoer at gmail.com
Tue Aug 29 14:51:27 CEST 2006


On 8/29/06, Lazzarini Matteo <MLazzarini at crema.unimi.it> wrote:
>  I have used three scripts to generate certs root, server and client (with
> xpextension).
>  They exist of the certs for multi clients to use for eap-tls?
Hi,

Which scripts? I'm not sure what your last sentence means. Afaik you
should give out one (client) certificate per user.

What's the debugging output?

Supposing it's the *same* problem as with your previous tests
regarding eap-peap/mschapv2, did you check for the hint Alan gave?

Furthermore the whole range suggested in <44EC33BA.5060105 at c-lab.de>
might be useful. (regarding #1, please see
http://lists.shmoo.com/pipermail/hostap/2006-July/013673.html ). While
perhaps being the most cumbersome, a full capture as suggested might
also be most instructive.

The nas log you showed in <44EC921B.1010706 at crema.unimi.it> sadly
isn't very concise. But as it somehow mentions an EAP-Response with
your desired username, it would be good to know if/when/how it sends
those out to freeradius, as they seem to get lost. So capturing the
traffic between nas and freeradius would be a good idea also.

If that doesn't give you any clues, I'd suggest providing URLs
where to download that information. Please don't try to put some
digested information into a line-mangling MUA or an eventually
similar way of making it unnecessarily hard to look into it for those
trying to help.

regards
K. Hoercher


