windows 7 eap-tls authentication

Christian Bösch boesch at fhv.at
Wed Apr 4 13:47:54 CEST 2012


hi list,

i want to authenticate windows 7 computers with tls certificates.
the certs have the special windows OIDs, but i still get the error from below.
on the website http://wiki.freeradius.org/Certificate_Compatibility there is only winxp mentioned.
is there maybe any difference with windows 7? has anyone done this or a hint whats going wrong?

thanks in advance, 
chris


---
rad_recv: Access-Request packet from host 172.16.64.240 port 1645, id=133, length=153
	User-Name = "host/cb-nb"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-12-01-1B-2A-40"
	Calling-Station-Id = "00-24-7E-6B-E4-BE"
	EAP-Message = 0x0202000f01686f73742f63622d6e62
	Message-Authenticator = 0xdfa853b693abac5cede3b893dac561ba
	NAS-Port-Type = Ethernet
	NAS-Port = 50217
	NAS-Port-Id = "FastEthernet2/17"
	NAS-IP-Address = 172.16.64.240
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 133 to 172.16.64.240 port 1645
	EAP-Message = 0x010300060d20
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xebeac82aebe9c52b6c542d897c25837b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 133 with timestamp +15
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xebeac82aebe9c52b did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
---
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120404/1e7b9c88/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4373 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120404/1e7b9c88/attachment-0001.bin>


More information about the Freeradius-Users mailing list