<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">hi list,<div><br></div><div>i want to authenticate windows 7 computers with tls certificates.</div><div>the certs have the special windows OIDs, but i still get the error from below.</div><div>on the website <a href="http://wiki.freeradius.org/Certificate_Compatibility">http://wiki.freeradius.org/Certificate_Compatibility</a> there is only winxp mentioned.</div><div>is there maybe any difference with windows 7? has anyone done this or a hint whats going wrong?</div><div><br></div><div>thanks in advance, </div><div>chris</div><div><br></div><div><br></div><div>---</div><div><div>rad_recv: Access-Request packet from host 172.16.64.240 port 1645, id=133, length=153</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "host/cb-nb"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1500</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "00-12-01-1B-2A-40"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "00-24-7E-6B-E4-BE"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x0202000f01686f73742f63622d6e62</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xdfa853b693abac5cede3b893dac561ba</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Ethernet</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 50217</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Id = "FastEthernet2/17"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 172.16.64.240</div><div># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default</div><div>+- entering group authorize {...}</div><div>[eap] EAP packet type response id 2 length 15</div><div>[eap] No EAP Start, assuming it's an on-going EAP conversation</div><div>++[eap] returns updated</div><div>Found Auth-Type = EAP</div><div># Executing group from file /usr/local/etc/raddb/sites-enabled/default</div><div>+- entering group authenticate {...}</div><div>[eap] EAP Identity</div><div>[eap] processing type tls</div><div>[tls] Requiring client certificate</div><div>[tls] Initiate</div><div>[tls] Start returned 1</div><div>++[eap] returns handled</div><div>Sending Access-Challenge of id 133 to 172.16.64.240 port 1645</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010300060d20</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0xebeac82aebe9c52b6c542d897c25837b</div><div>Finished request 0.</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div><div>Cleaning up request 0 ID 133 with timestamp +15</div><div>WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</div><div>WARNING: !! EAP session for state 0xebeac82aebe9c52b did not finish!</div><div>WARNING: !! Please read <a href="http://wiki.freeradius.org/Certificate_Compatibility">http://wiki.freeradius.org/Certificate_Compatibility</a></div><div>WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!</div><div>Ready to process requests.</div></div><div>---</div></body></html>