"Jack Daniels" <da_very_newbie@hotmail.com> wrote:
Is there a way to dump more information about what is going on in the TLS conversation in freeradius?
No. What more information do you think you would need?
Why even if EAP doesn't fail it can't reach the mschap part?
Because the Windows client stops talking to the server.
Should I consider this part (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established as a failure or a success?
I could swear that message has the word "successfully" in it. That looks a whole lot like "success" to me.
In the client computer, if I uncheck the "Validate server certificate" option everything runs smoothly.
Then the problem is that you didn't create the certificates with the magic OID's. See http://wiki.freeradius.org/WPA_HOWTO and http://www.alphacore.net/contrib/nantes-wireless/eap-tls-HOWTO.html If you didn't use the "xpextensions" file, Windows won't like the certs.
I'm using FreeRadius v 1.1.3. Certificates when created were verified with openssl verify and everything was ok.
They're certs, but they're not certs Windows likes. I think for the next rev of the server, we'll take a look at putting huge screaming messages in the logs if the certs don't have the OID's. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog