EAP-TLS/PEAP problem

Joel MBA OYONE mba_oyone at yahoo.fr
Wed Apr 30 12:43:04 CEST 2008 

Hello list.
I am sorry about my poor english skills but hope i could be understood anyway.
I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my users in the "/etc/raddb/users" file are able to authenticate without no problem.
i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two sheets) which is very helpfull.
but on the second part of the tuto, i encounter a problem with the extensions part:
- it is said to create a file named "extensions" (my case /etc/pki/tls/extensions) and to copy that lines into:
[ xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
and then to modify my previous certificate like that:
# openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
# openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreq.pem 
when i do this, the system give me an error message:
[root at ensiasra ensiasCA]# pwd
/etc/pki/CA/ensiasCA
[root at ensiasra ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions xpserver_ext -infiles certs/radiusserverreq.pem 
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
Error Loading extension section xpserver_ext
4230:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
[root at ensiasra ensiasCA]# 

i suppose i have problem creating extensions.... 
there's a long time i try to fix it (and some many before), and right now, i come and ask your help to fix it.
thanx for helping

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
20000 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70

__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080430/d207dc59/attachment.html>

More information about the Freeradius-Users mailing list