Everything looks like it works, but PC is not authenticated
Alan DeKok
aland at deployingradius.com
Sat Sep 2 16:11:42 CEST 2006
Alexandros Gougousoudis <gougousoudis at kh-berlin.de> wrote:
> vinfo-t1 is the NetBIOS name of the client, the realm(?) host/ comes from
> Windows or the AP, I don't know. Probably it breaks the cert, because
> the name differs and this bothers EAP/TLS. But I don't know how to
> handle or shorten this. Maybe somebody has a good idea to handle that.
It looks like it is doing machine authentication, in which case the
certs (both client and server) need the machine authentication OIDs,
and not the normal user OIDs. From the CVS head version of
'xpextensions':
#
# Add this to the PKCS#7 keybag attributes holding the client's private key
# for machine authentication.
#
# the presence of this OID tells Windows XP that the cert is intended
# for use by the computer itself, and not by an end-user.
#
# The other solution is to use Microsoft's web certificate server
# to generate these certs.
#
# 1.3.6.1.4.1.311.17.2
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
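
One way to check whether an exported key file carries the machine-authentication OID quoted in the reply above. This is an added example, not part of the original message and not FreeRADIUS code; the function names and the sample bytes are constructed for illustration, and the input is assumed to be definite-length DER.

```python
# Added example; sample bytes below are constructed, not taken from a real keybag.
MACHINE_KEYSET_OID = "1.3.6.1.4.1.311.17.2"  # the OID quoted in the post

def decode_oid(body: bytes) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if byte & 0x80:          # continuation bit: more octets in this arc
            continue
        if not arcs:             # first subidentifier packs the first two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

def read_tlv(data: bytes, pos: int):
    """Return (tag, content, next_pos); definite-length, single-octet tags only."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:            # long form: low 7 bits count the length octets
        count = length & 0x7F
        if not 1 <= count <= 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    if pos + length > len(data):
        raise ValueError("truncated element")
    return tag, data[pos:pos + length], pos + length

def find_oids(data: bytes) -> set:
    """Collect every OID in a DER blob, descending into nested elements."""
    found, pos = set(), 0
    while pos < len(data):
        tag, content, pos = read_tlv(data, pos)
        if tag == 0x06:
            found.add(decode_oid(content))
        elif tag & 0x20 or tag == 0x04:   # constructed type or OCTET STRING wrapper
            try:
                found |= find_oids(content)
            except (ValueError, IndexError):
                pass                      # opaque bytes (e.g. ciphertext), not DER
    return found

def has_machine_keyset(der: bytes) -> bool:
    return MACHINE_KEYSET_OID in find_oids(der)

# Constructed samples: attribute sets with and without the machine OID.
MACHINE_SAMPLE = bytes.fromhex("301504133111300f06092b060104018237110231020500")
USER_SAMPLE = bytes.fromhex("3113301106092a864886f70d01091431041e020041")
```

Calling `has_machine_keyset()` on the raw bytes of a DER-encoded export reports whether the OID appears anywhere outside encrypted content; a file using indefinite-length BER raises `ValueError` instead of being silently misread.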