No EAP/TLS with XP SP3 since End December
Alexandros Gougousoudis
gougousoudis-list at servicecenter-khs.de
Mon Jan 3 13:04:12 CET 2011
Hi Phil,
Phil Mayers schrieb:
> To be clear, all windows clients fail? But other clients succeed?
Exactly, Ubuntu can authenticate, all XP not.
> It is possible a windows update has removed the intermediate
> certificate from the client(s). IIRC Microsoft have done this in the
> past, expecting the intermediate CA to be provided during TLS
> negotiation. In this case, you need to have the correct CA (chain) at
> the FreeRadius side. Have you got this configured correctly?
Yes, Server cert/key and Client cert/key origin from the same CA, which
is also present at the radius-server. At least that wasn't a problem
since 2 years, after I worked out how to use Radius with XP SP3.
> It won't help running such an old version of FreeRadius.
Yes, but it was enough for us, since we don't need Vista and Win 7
support. I'am working currently on Debian Lenny to make the 2.10 coming
over lenny-backports work. But it's not easy and I don't know if it
fixes the problem. I think an MS security-update killed the radius
authentification.
Is anyone having a working auth with Freeradius und a fully patched XP
Pro SP3?
TIA
Alex
More information about the Freeradius-Users
mailing list