EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP revealmapp at yahoo.fr
Tue Jul 22 22:10:52 CEST 2008 

log: http://tinypaste.com/5b99b


I am wondering something: some more questions:


as i encounterd problem with included script for certificate files (bootstarp!! am i the one?), i created my own certificate... as I could! the fact is that running bootstrap, client certificate is on error cause it says that server certificate is not valid or not allowed to sign other certificate files...

i created and imported my own on XP for the test: the one DER format of the CA, and the other one p12 format with EKU(of the client). it means, only two!


so my question is, if the certificate (with server extension) is missing on the client, could it interfer in EAP-PEAP authentication success?

thank you



----- Message d'origine ----
De : Reveal MAP <revealmapp at yahoo.fr>
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Envoyé le : Mardi, 22 Juillet 2008, 12h02mn 26s
Objet : Re : Re : Re : Re : Re :  EAP-TLS OK - EAP-PEAP KO!! why that?


Hello Alan (and all the others too)

I am sory about the delay!
here is the entire log: http://tinypaste.com/5b99b

EAP PEAP still don't work without giving an error message understandable by me! hope it will be clearer for you!

I precise:

NTLM_AUTH authenticate successfully against AD, same with winbind. and EAP-TLS runs Ok

thank you



----- Message d'origine ----
De : Alan DeKok <aland at deployingradius.com>
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Envoyé le : Samedi, 19 Juillet 2008, 19h05mn 33s
Objet : Re: Re : Re : Re : Re :  EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP wrote:
>> "f you want to authenticate PEAP users via SQL (which you seem
>> to be saying), then don't configure the mschap module to use ntlm_auth."
> 
> my mistake: i didn't know...

  Huh?  You are aware that AD is not the same as SQL?

> back to Users based on AD.
>...
> in etc/raddb/module/mschap, i have this for ntlm_auth:
...

  And then nothing for "radiusd -X".

  If you can't follow repeated instructions, I think it's impossible for
me to help you.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

________________________________
 Envoyé avec Yahoo! Mail.
Une boite mail plus intelligente. 


      _____________________________________________________________________________ 
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080722/c0bad995/attachment.html>

More information about the Freeradius-Users mailing list