R: EAP-TLS multi clients

Lazzarini Matteo MLazzarini at crema.unimi.it
Tue Aug 29 16:19:02 CEST 2006


OK.
First of all, I apologize for my imprecise English. :-(
The scripts I am speaking about are those inside the "scripts" directory of the freeradius sources (CA.all).
I use the client certificate (cert-clt.p12) for my user, who connects correctly to the wlan, authenticated by freeradius with eap-tls.
So now there are no more problems as far as the authentication is concerned.

What I wanted to know is whether there is a way to obtain more certs for other clients of the wlan. The CA.all script generates only 1 server, 1 client and 1 root for me....

Thanks


-----Original Message-----
From: freeradius-users-bounces+mlazzarini=crema.unimi.it at lists.freeradius.org on behalf of K. Hoercher
Sent: Tue 29/08/2006 14.51
To: FreeRadius users mailing list
Subject: Re: EAP-TLS multi clients
 
On 8/29/06, Lazzarini Matteo <MLazzarini at crema.unimi.it> wrote:
>  I have used three scripts to generate certs root, server and client (with
> xpextension).
>  They exist of the certs for multi clients to use for eap-tls?
Hi,

Which scripts? I'm not sure what your last sentence means. Afaik you
should give out one (client) certificate per user.

What's the debugging output?

Supposing it's the *same* problem as with your previous tests
regarding eap-peap/mschapv2 did you check for the hint Alan gave?

Furthermore the whole range suggested in <44EC33BA.5060105 at c-lab.de>
might be useful. (regarding #1, please see
http://lists.shmoo.com/pipermail/hostap/2006-July/013673.html ). While
perhaps being the most cumbersome, a full capture like suggested might
be also most instructive.

The nas log you showed in <44EC921B.1010706 at crema.unimi.it> sadly
isn't very concise. But as it somehow mentions an EAP-Response with
your desired username, it would be good to know if/when/how it sends
those out to freeradius, as they seem to get lost. So capturing the
traffic between nas and freeradius would be a good idea also.

If that doesn't give you any clues, I'd suggest providing URLs
where that information can be downloaded. Please don't try to put some
digested information into a line-mangling MUA or some
similar way of making it unnecessarily hard to look into it for those
trying to help.

regards
K. Hoercher
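
Following the advice above to give out one client certificate per user, this added example (not part of the thread and not the FreeRADIUS scripts' own code) issues a separate key, certificate and .p12 bundle for each user from one root, using plain openssl commands. The throwaway CA, subjects, file names and passwords are constructed for the demo; it is assumed that a real deployment would sign with its existing root instead of the demo CA.

```shell
#!/bin/sh
# Added example: one EAP-TLS client certificate per user, all signed by one CA.
# Every name, subject and password below is constructed for the demo.

# make_demo_ca DIR: throwaway root CA plus an extension file marking
# issued certificates for TLS client authentication.
make_demo_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Example WLAN/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    printf '[client_ext]\nextendedKeyUsage = clientAuth\n' > "$1/client_ext.cnf"
}

# issue_client DIR USER P12PASS: fresh key and CSR for USER, signed by the CA,
# then bundled with the root into USER.p12 for import on the client.
issue_client() {
    dir=$1 user=$2 pass=$3
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example WLAN/CN=$user" \
        -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null &&
    # -CAcreateserial keeps a serial file next to the CA, so every
    # certificate gets its own serial and can be revoked individually.
    openssl x509 -req -in "$dir/$user.csr" -days 365 \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/client_ext.cnf" -extensions client_ext \
        -out "$dir/$user.pem" 2>/dev/null &&
    # Password is passed through the environment, not the argument list.
    P12PASS=$pass openssl pkcs12 -export -name "$user" \
        -in "$dir/$user.pem" -inkey "$dir/$user.key" \
        -certfile "$dir/root.pem" -passout env:P12PASS -out "$dir/$user.p12"
}

# check_client DIR USER: succeeds only if the certificate chains to the CA
# and is acceptable for TLS client authentication.
check_client() {
    openssl verify -CAfile "$1/root.pem" -purpose sslclient \
        "$1/$2.pem" >/dev/null 2>&1
}

# Demo run with two constructed users.
demo=$(mktemp -d) && make_demo_ca "$demo" &&
for u in alice bob; do
    issue_client "$demo" "$u" "change-me-$u" && check_client "$demo" "$u" &&
        echo "issued $demo/$u.p12"
done
```

Each user's private key exists only in that user's bundle, so a lost laptop means revoking one certificate rather than reissuing for every client.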