Hi Alan,
You are doing good job and  kudos to your team. Just want some clarafication on this issue.
 
make_cert_command = "${certdir}/bootstrap"; its excellent tool but it only creates clientAuth and serverAuth and does not add PEAP which ofcourse one can add by himself.  Eventhough freeradius will authenticate some supplicants will require users to first time save the cert. Windows supplicants the oids :  xpclient_ext and xpserver_ext  and on MAC supplicants ? ; it usually pops up message "the server certificate is not trusted because there no explicit trust settings"  what explicit trust settings is it looking for - does it require the setting of eap oid ?. The question is what is the difference between web server and radius server certificates with respect to ssl and wireless in the context of EAP, PEAP. Does it matter if the cn is the SSID of the wireless network for radius server auth and server domain name for webserver auth?

[ PEAP ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

[ clientAuth ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ serverAuth ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
 
==================================================
 
Benjamin K. Eshun




Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail