On Dec 19, 2016, at 11:18 AM, <Dominik.A.Schorpp@ids.de> <Dominik.A.Schorpp@ids.de> wrote:
Follow the EAP guide at: http://deployingradius.com
It WILL work.
I have no doubt that it will not work if I follow the Guide.
If you don't trust the experts, why are you asking questions on this list?
I have now created a Client Certificate with the makefile in "raddb/certs", and the Certificate has the "Extended Key Usage" "TLS Web Client Authentication". As I said, a Certificate which I created by myself via "xca" and with the "Extended Key Usage" "TLS Web Server Authentication, TLS Web Client Authentication" has worked already properly. But the Final Setup will be running with Certificates which are not created by us, the Certificate will be coming from a Customer CA.
If only there was some documentation on how to create certificates that work...
But there is still my second Question, now mostly for interest.
And why is it not enough that the "X509v3 Extended Key Usage" has "EAP over LAN" in it?
Ask the people who wrote the client how their client works. Alan DeKok.