cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

Reveal MAP revealmapp at yahoo.fr
Sun Jul 27 05:07:09 CEST 2008



I read the post: "PEAP or TTLS and Microsoft Vista".

What I retain is that I have to test another wireless manager, different from the built-in one of Windows XP. OK, I will as soon as I am in front of the server (no chance, it's the weekend now).



----- Original Message ----
From: nf-vale <nf-vale at critical-links.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Friday, 25 July 2008, 20:51:58
Subject: Re : Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

Are you using vista supplicant? By reading the last lines of your radius
debug file it seems so...


See earlier posts with subject:  "PEAP or TTLS and Microsoft Vista".



Fri, 2008-07-25 at 17:10 +0000, Reveal MAP wrote:
> 
> 
> > installing ca.der and putting user && pass into client machine, the
> > authentication doesn't work?
> 
>   -- No, it doesn't!
> 
> > you only need ca.der but, if you have an active directory like LDAP,
> > check if your communication with AD server also has tls authentication.
> > In the ldap module you can configure another tls block, which is
> > different from the tls block in the eap module.
> 
>   -- Well, the howto explaining how freeradius has to authenticate
> users against Active Directory says nothing about ldap config files on
> the linux server. It just gives tips about samba, using winbind,
> ntlm_auth, krb5.conf, nsswitch.conf and the mschap module in freeradius.
> I have already succeeded at this kind of authentication without reading
> or changing a line of the ldap module in freeradius.
> And I think authenticating users against Openldap won't be managed
> like authentication of freeradius using Active Directory.
> 
> > I don't know if it is your problem, but I suppose that communication
> > between ldap server and radius can have different certificates, from
> > different ca's than eap communication.
> 
> 
> My wireless network is secured with wpa/wpa2 enterprise, requiring a
> RADIUS server to perform authentication. So I am doing 802.1x
> authentication which exploits a valid PKI, regardless of the base of
> users. This is how I understand it.
> 
> > If it is your problem, I would check it. It would also be good if you
> > posted the debug of radius to see which certificate can't validate.
> 
> See the log there: http://tinypaste.com/5b99b
> active and valid user is:
>     login: glouglou
>     password: glouglou
> 
> aaa:~ # ntlm_auth --username=glouglou --request-nt-key --domain=PLUTON
> password:
> NT_STATUS_OK: Success (0x0)
> aaa:~ #                    
> 
> 
> :/ Any help will be appreciated. These days I am wondering about the
> validity of the Server certificate!
> I have to tell you that, in my case, if I try a peap authentication
> against Active Directory with wrong user credentials, I get an
> error message saying that the login or password is incorrect. With good
> user credentials, I just obtain what you can see in the Radiusd -X
> output (http://tinypaste.com/5b99b)
> 
> thank you
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html