on freeradius 3.0.0

Ben Humpert ben at an3k.de
Sat Jun 6 16:58:24 CEST 2015


The client certificate needs extendedKeyUsage = clientAuth, and you
need to install it for the current user if you select user
authentication in the 802.1x authentication page of the Windows NIC. If
you want machine authentication, you need to install it for the local
machine.
The subject DN for the client certificate can be anything you want;
however, you need the CN of the client certificate to match the user name
entry in the FR users file - or you configure Windows to use a different
user name, but then you get a popup asking for that name every time you
disable and re-enable 802.1x or manually disable and re-enable the
NIC.

2015-06-06 15:31 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
> On Jun 6, 2015, at 8:19 AM, Yaisel Cruz Zuñiga <ycruz at ucf.edu.cu> wrote:
>> Hello list, I already have freeradius working against an AD but have problems with certificates: mobile devices authenticate well and download the certificate, but a Windows 7 PC does not; it asks for the user and password repeatedly.
>>
>> I have a digital certificate server AD
>> (radius-ca.cer)
>> Can this be used for freeradius?
>
>   Yes.
>
>   Did you create the certificates with the correct OIDs?  See raddb/certs/README.  This is documented.
>
>   Windows needs magic things in the certificates, otherwise it refuses to work.
>
>   Alan DeKok.
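
The two certificate properties named in the reply above (extendedKeyUsage = clientAuth, and a CN equal to the user name) can be checked with openssl before a certificate is installed on a Windows client. This is an added example, not part of the original thread; the function names, the user name `alice` and the self-signed sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Returns 0 when the certificate carries the clientAuth EKU and its CN equals
# the given user name; otherwise prints the reason and returns 1.
check_client_cert() {
    cert=$1 user=$2
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    # OpenSSL prints the clientAuth OID (1.3.6.1.5.5.7.3.2) under this name.
    if ! printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication'; then
        echo "FAIL: extendedKeyUsage lacks clientAuth"; return 1
    fi
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    if [ "$cn" != "$user" ]; then
        echo "FAIL: CN '$cn' does not match user name '$user'"; return 1
    fi
    echo "OK: clientAuth present, CN matches '$user'"
}

# Constructed test input: a throwaway self-signed certificate with the given
# CN and EKU. A real deployment would have the CA sign the client certificate.
make_sample_cert() {
    out=$1 cn=$2 eku=$3
    cnf=$(mktemp)
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $cn
[ext]
extendedKeyUsage = $eku
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$cnf"
}

# Demo on constructed certificates: one usable, one with only serverAuth.
tmp=$(mktemp -d)
make_sample_cert "$tmp/alice.pem" alice clientAuth
make_sample_cert "$tmp/server.pem" alice serverAuth
check_client_cert "$tmp/alice.pem" alice
check_client_cert "$tmp/server.pem" alice || true
rm -rf "$tmp"
```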


