Everything lookslike it works, but PC is not authentified
Phil Mayers
p.mayers at imperial.ac.uk
Fri Sep 1 17:06:07 CEST 2006
Stefan Winter wrote:
> Hi,
>
>> Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
>> EAP-Message = 0x0112000a0d8000000000
>> Message-Authenticator = 0x00000000000000000000000000000000
>> State = 0x3f9387f3adb41ddea578c30fd328358f
>> Finished request 13
>> Going to the next request
>> Waking up in 6 seconds...
>
> This *doesn't* look like it works. The server sends a packet to the client,
> and the client refuses to answer thereafter. The usual cause of this, which
> generates the same question and the same answers multiple times a week in
> this list, is that the server cert doesn't have the MS TLS Web Server
> Authentication OID in the cert. Please read the various documentation about
I wonder if it would be possible to have the PEAP, TLS and TTLS EAP
sub-modules print a VERY LOUD WARNING if that OID is missing from the
certificate on startup?
A quick 60 second scan of the OpenSSL API doesn't show the obvious call,
but given how incomprehensible the OpenSSL API is in general, that's not
surprising...
More information about the Freeradius-Users
mailing list