EAP-TLS & computer account(not user)

tnt at kalik.net tnt at kalik.net
Thu Oct 9 12:16:32 CEST 2008


You (or whoever makes these certificates) have set up certificate
creation that way. Change it so that CN is equal to User-Name.

Ivan Kalik
Kalik Informatika ISP


Dana 9/10/2008, "Guk Victor" <v.guk at zaz.zp.ua> piše:

>
>
>
>  
>  
>
>
>
>  I use eap-tsl for the registration record of computer. It is necessary
>>to open access to the network to pressure of Ctrl+Alt+Del.
>>I will not understand what is the matter:
>>
>  
>  ..
>  
>  
>    >radius_xlat:  'host/cit44'
>>    rlm_eap_tls: checking certificate CN (cit44) with xlat'ed value
>>(host/cit44)
>>rlm_eap_tls: Certificate CN (cit44) does not match specified value
>>(host/cit44)!
>>chain-depth=0,
>>error=0
>>--> User-Name = host/cit44
>>--> BUF-Name = cit44
>>--> subject = /C=UA/ST=Berkshire/L=Newbury/O=zaz/OU=mis/CN=cit44
>>--> issuer  = /C=UA/ST=ZaporozshE/L=ZP/O=ZAZ/OU=MIS/CN=Administrator
>>--> verify return:0
>    
>  
>  ..
>
>User-Name and CN are not the same. Create a proper certificate.
>
>I created new certificate from CN=host/cit44. This is what it is
>obtained:
>
>radius_xlat:  'host/host/cit44'
>rlm_eap_tls: checking certificate CN (host/cit44) with xlat'ed value
>(host/host/cit44)
>rlm_eap_tls: Certificate CN (host/cit44) does not match specified value
>(host/host/cit44)!
>chain-depth=0,
>error=0
>User-Name = host/host/cit44
>BUF-Name = host/cit44
>subject = /C=UA/ST=Berkshire/L=Newbury/O=zaz/OU=mis/CN=host/cit44
>issuer  = /C=UA/ST=ZaporozshE/L=ZP/O=ZAZ/OU=MIS/CN=Administrator
>verify return:0
>Why to User-Name is added "/host"?
>
>
>
>




More information about the Freeradius-Users mailing list