On Aug 7, 2005, at 7:47 AM, A.L.M.Buxey@lboro.ac.uk wrote:
I chose to start with this article as it was one of the most recent tutorials I could find on the topic of FreeRADIUS and EAP TLS.
strange. the EAP-TLS HOWTO seems uite straight forward. everything else is a rewrite of this guide.
For me, I appreciated the tutorial approach of Bauer's article vs something more scripted because it helped me understand what was going on. I hadn't ever set up CAs and certificates before so Bauer's article was better for me, especially Part 1 which laid out the WPA landscape. The EAP-TLS HOWTO was fine, I just didn't get the lay of the land as a background that I needed to understand where I was headed and why.
interesting. we've used pass phrases...stops people just copying the certificate onto any unknown machine.
Indeed it works either way as I found out, so again, not sure what he was referring to in the article.
client p12 file both ways and reimporting to XP's Personal Certificates to no avail. Is that pkcs12 passphrase assertion still true for XP supplicant? Either way, with or without, I can't get this to work, so that must not be the issue.
did you use the extra XP SSL additions as per the EAP-TLS HOWTO?
Yes I had the ASN1 xpextensions all along; that was not the problem as it turned out.
though this seems to suggest that your FreeRADIUS doesnt know much about this certificate. I'd check the eap.conf file
The eap.conf was correct also. I think the problem was that the certs I generated for CA and server weren't in the ssl/certs directory though they were in the raddb/ certs directory. Other than that, I don't think I did anything different between attempts at CA and cert creation when I finally got it working. Definitely didn't change my radiusd.conf, clients.conf or eap.conf files between attempts, so it was definitely cert related. I need to experiment a little more to see where I went wrong the first couple attempts, but all the conf files were correct as I didn't change them between attempts. Thanks, Landon