cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

Sergio sergioyebenes at alumnos.upm.es
Sat Jul 26 01:30:32 CEST 2008


nf-vale wrote:
> Are you using vista supplicant? By reading the last lines of your radius
> debug file it seems so...
>
>
> See earlier posts with subject:  "PEAP or TTLS and Microsoft Vista".
>
>
>
> Fri, 2008-07-25 at 17:10 +0000, Reveal MAP wrote:
>>> installing ca.der and putting user && pass into client machine, the
>>> authentication doesn't work?
>>
>>   -- no, it doesn't! 
>>
>>     
>>> you only need ca.der but, if you have an active directory like LDAP,
>>> check if your communication with AD server also has tls
>>> authentication.
>>> Into ldap module you can configure another tls block, which is
>>> different than tls block into eap module.
>>
>>   -- Well, the howto explaining how freeradius has to authenticate
>> users against Active Directory says nothing about ldap config files on
>> linux server. it just gives tips about samba, using winbind,
>> ntlm_auth, krb5.conf, nsswitch.conf and mschap module in freeradius.
>> I ever success this kind of authentication without reading or changing
>> a line of ldap module in freeradius.
>> and i think, authenticating users against Openldap won't be managed
>> like authentication of freeradius using active directory.
>>
>>     
>>> I don't know if it is your problem, but I suppose that communication
>>> between ldap server and radius can have different certificates, from
>>> different ca's than eap communication.
>>
>>
>> my wireless network is secured with wpa/wpa2 enterprise, requiring a
>> RADIUS server to perform authentication. so i am doing 802.1x
>> authentication which exploits a valid PKI, regardless of the base of
>> users. this is how i understand it.
>>
>>> If it is your problem, I would
>>> check it. also would be good you post the debug of radius to see which
>>> certificate can't validate.
>>
>> see the log there: http://tinypaste.com/5b99b
>> active and valid user is:
>>     login: glouglou
>>     password: glouglou
>>
>> aaa:~ # ntlm_auth --username=glouglou --request-nt-key --domain=PLUTON
>> password:
>> NT_STATUS_OK: Success (0x0)
>> aaa:~ #                     
>>
>>
>> :/ Any help will be appreciated. these days i am wondering about
>> validity of the Server certificate!
>> I have to tell you that, in my case, if i try a peap authentication
>> against Active Directory with wrong users credentials, i have an
>> error message saying that login or password is incorrect. with good
>> users credential, i just obtain what you can see in the Radiusd -X
>> output (http://tinypaste.com/5b99b) 
>>
>> thank you
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
> no, I have this error using both linux wpa_supplicant and xp3. I have wpa_supplicant running ok with another two eap modules, but not with default pki. I'm really "flipado" (I don't know the exact translation of "flipado", but it seems to be very very very very ......surprised) because I've tried a lot of things to solve it. I think learning English is a good beginning, jejeje. Thanks
>   



