Graham, Robert wrote:
When I generated the certificates, I created the server key and server csr with openssl. I signed the csr with a Windows CA (adding the XPextensions) and then converted the DER format to PEM using openssl.
What's wrong with the certificate creation scripts in raddb/certs? They work...
I verified that the certificate did have the Extended Key Attributes:
[root@radius mycerts]# openssl x509 -text -noout -in radius2.pem shows:
X509v3 Extended Key Usage: TLS Web Server Authentication
Which is required, but not sufficient for Windows to work.
When I try to authenticate, I did not see any errors, but at the end of the debug output shows:
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x17d5444b10dc5de2 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ... I regenerated the certificates with the same results. Does anyone have a clue on what is happening?
Have you tried reading that web page? It contains detailed instructions. It also contains a pointer to another web page with step-by-step instructions for debugging PEAP. This *is* documented. Alan DeKok.