<div>Steve</div><div> </div><div>Windows is trying to validate the server Cert. By default we have server Cert Validation enabled. You can disable this from the properties.</div><div> </div><div>Regards</div><div> </div><div>
Aman Arneja<br><br></div><div class="gmail_quote">On Wed, May 30, 2012 at 1:47 AM, Steve Hopps <span dir="ltr"><<a href="mailto:steve.hopps@gmail.com" target="_blank">steve.hopps@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
The only computer in our office which causes certificate errors is a<br>
Windows 7 machine. So I attempted to connect using EAP/TTLS and<br>
MSCHAPv2 using my linux machine and my Android phone. Now I get a<br>
different error.<br>
<br>
I also tried using PEAP on my Android phone, and received no<br>
certificate errors. What could the windows machine be doing different?<br>
Why does the machine even enter the picture when the authentication is<br>
between the Access Point and the server?<br>
<br>
Below is the portion of the log which shows the rejection, when using<br>
my Android phone, TTLS and MSCHAPv2 (that is what Windows uses isnt<br>
it?) Where I am confused is near the bottom, what is causing the<br>
rejection?<br>
<br>
++[pam] returns invalid<br>
<br>
or<br>
<br>
[eap] Handler failed in EAP/ttls<br>
[eap] Failed in EAP select<br>
++[eap] returns invalid<br>
<br>
log follows----<br>
<br>
server inner-tunnel {<br>
# Executing section authorize from file<br>
/etc/freeradius/sites-enabled/inner-tunnel<br>
+- entering group authorize {...}<br>
++[chap] returns noop<br>
[suffix] No '@' in User-Name = "test", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
++[control] returns noop<br>
[eap] No EAP-Message, not doing EAP<br>
++[eap] returns noop<br>
[files] users: Matched entry DEFAULT at line 222<br>
++[files] returns ok<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
++[pap] returns noop<br>
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist!<br>
Cancelling invalid proxy request.<br>
Found Auth-Type = PAM<br>
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel<br>
+- entering group authenticate {...}<br>
rlm_pam: Attribute "User-Password" is required for authentication.<br>
++[pam] returns invalid<br>
Failed to authenticate the user.<br>
Login incorrect: [test] (from client -REMOVED- port 0 via TLS tunnel)<br>
} # server inner-tunnel<br>
[ttls] Got tunneled reply code 3<br>
[ttls] Got tunneled Access-Reject<br>
[eap] Handler failed in EAP/ttls<br>
[eap] Failed in EAP select<br>
++[eap] returns invalid<br>
Failed to authenticate the user.<br>
Login incorrect: [test] (from client -REMOVED- port 0 cli B4-07-F9-F2-99-F6)<br>
Using Post-Auth-Type Reject<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br>