XP SP3 an EAP-TLS partly solution
gougousoudis-list at servicecenter-khs.de
Fri Jan 23 09:18:02 CET 2009
tnt at kalik.net schrieb:
> You should upgrade to the latest version. If that doesn't cure it, try
> making client certificate signed by the CA and not server certificate.
I had 2.1.3 running a week ago, but it didn't work also. But I wasn't
sure about the configs. Unfortunately the documentation is bad. Any hints?
Someone on this list recommended me to upgrade to 1.1.7 to make it work
(wasn't it you? :-) ), but it doesn't work.
The certs shouldn't be the problem. On the clients I have a client cert
with right extended-usage and the server has a server-cert with the
right attributes. In XP the certmgr says it's for
Clientauthentification. They worked with SP2. But I also tried to
install a server-cert with client-extended-usage, also no success. I'am
a bit worried about the registry-errors in the logs I've posted.
I can't believe that I'am the first one who tried to authenticate an XP
SP3 machine with EAP-TLS to Freeradius. I mean, XP has a
market-domincnce of >95% and this problem should also occur if you
authenticate via WLAN. So there must be a solution and I'am doing
something terrebly wrong.
I'd like to hear from at least one person that it works. At the moment I
believe XP SP3 is incompatible to Freeradius.
More information about the Freeradius-Users