windows7 machine authentication
p.mayers at imperial.ac.uk
Tue Aug 24 16:30:14 CEST 2010
On 24/08/10 15:19, alois blasbichler wrote:
> Hello list
> We use freeradius with opendlap and machine-authentification
> (samba-pcs) for years with success.
> Windows xp and vista clients works fine.
> Now i wanted to authenticate a Windows 7 laptop and i get the
> following errors :
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 12 length 19
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> and then
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> TLS Length 7
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap]<<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
> TLS_accept:failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
> TLS receive handshake failed during operation
> [peap] eaptls_process returned 4
> I dont use certificates neither on the server and neither on the client side.
Yes you do. PEAP requires a server cert.
> I read in teh internet that also windows7 should work without
> certificates - is that true ?
No it is not.
> Wath can bee the problem ?
The clients don't know the server CA.
More information about the Freeradius-Users