Problems using EAP-TLS with freeradius version 2

Stefan Puch s.puch at web.de
Wed Jan 30 11:13:09 CET 2008 

Hello everyone,

I've got some problems with the new version of freeradius, but before I'm going
to open a new bugreport or post long debugtraces from "radiusd -X" I want to ask
here if someone else has made similar experiences.

I've set up a freeradius server version 1.1.7 in our club to authenticate
several Notebooks. This worked fine with Windows XP, Windows Vista and Linux
clients using EAP-TLS certificates (many thanks for the good documentation of
the OIDs in the TLS certificate).

Then some people came with their mobile devices which are running Windows Mobile
2003, Windows Mobile 5 (WM5) or Windows Mobile6 (WM6) and the problems began.
The same EAP-TLS certificate which worked fine on a Windows XP machine doesn't
work on e.g. Windows Mobile 6 PDA.
So first I updated the freeradius version to the latest release (2.0.1), checked
and modified  all configuration files and so on, but that didn't solve the
problem, it made them getting worser.

With the new version 2.0.1 the Windows and Linux Laptops are not able to
authenticate any more with the freeradius server (the certificates are still the
same). The server sends an ACCESS, but the behavior is like described in the FAQ
"PEAP or EAP-TLS Doesn't Work with a Windows machine". Downgrading to the
previous version of freeradius 1.1.7 makes them work again, freeradius version
2.0.0 doesn't work either.

Does anyone of the experts here know what could be the problem (a guess, perhaps
what changed from version 1.1.7 to version 2.0.1)?
My goal is first to make the clients using Windows XP, Vista and Linux work
again with freeradius version2 and EAP-TLS. After fixing that it would be fine,
if freeradius would also work the different Windows Mobile systems.

So, what would be helpful to analyze the problem? All config files or just the
output from radiusd -X from both versions in order to make a diff or should I
open a new bug in the tracking system as well?
I would like to provide USEFULL debug-traces, so that it is easier for the
experts to solve the problem and not to much work for me when providing useless
informations.

Best regards and thanks in advance

Stefan Puch

More information about the Freeradius-Users mailing list