PFA. ________________________________ From: Freeradius-Users <freeradius-users-bounces+mustafa.mujahid=outlook.com@lists.freeradius.org> on behalf of mustafa mujahid <mustafa.mujahid@outlook.com> Sent: Thursday, March 9, 2017 12:53 AM To: FreeRadius users mailing list Subject: Re: eap_peap: fatal access_denied error Hi , So I re-created the certificates in the certs directory. I'm no longer getting the 'fatal access denied' error. but this time I got this after a along 11 page debug ouput: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state ...... did not finish! WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility Certificate Compatibility - FreeRADIUS<http://wiki.freeradius.org/guide/Certificate_Compatibility> wiki.freeradius.org The certificates created using the scripts in the raddb/certs directory (https://github.com/FreeRADIUS/freeradius-server/tree/v3.0.x/raddb/certs) are known to be ... WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I researched the link provided and seems that the client certificate requires the OID mentioned in xpextension file to be present in it. But what I don't understand is how can I incorporate this OID into the certificate. I created the certificates using the 'bootstrap' script in the certs directory Should I manually run the commands present in the README file or should the make command automatically generate the certs and include the OID or would I have to do it. Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Extended Key Usage: TLS Web Client Authentication X509v3 CRL Distribution Points: Right the above is a part of the client.crt file . Please guide me in this regard and excuse any lapse in understanding that I may have. By the way I attached a screen shot of the prompt I received on client machine when first authenticated. BR/Mustafa ________________________________ From: Freeradius-Users <freeradius-users-bounces+mustafa.mujahid=outlook.com@lists.freeradius.org> on behalf of Alan DeKok <aland@deployingradius.com> Sent: Wednesday, March 8, 2017 10:05 AM To: FreeRadius users mailing list Subject: Re: eap_peap: fatal access_denied error On Mar 8, 2017, at 12:53 PM, mustafa mujahid <mustafa.mujahid@outlook.com> wrote:
Hello all, I've been trying to authentication LAN on Cisco 2960 Switch. I've done configurations with PAP but this is the first time working with EAP. I have run into a bit of an issue. I receive a 'fatal :access denied error' in the debug log while testing with a single client. Radius version is 3.0.12
Using google, the first link is: https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Certificate-... GTACKnowledge - Clients cannot authenticate to NAC because ...<https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Certificate-problems> gtacknowledge.extremenetworks.com Clients cannot authenticate to NAC because of TLS Alert Read: fatal access denied errors or missing FQDN name in certificate GTACKnowledge - Clients cannot authenticate to NAC because ...<https://gtacknowledge.extremenetworks.com/articles/Solution/NAC-Certificate-problems> gtacknowledge.extremenetworks.com Clients cannot authenticate to NAC because of TLS Alert Read: fatal access denied errors or missing FQDN name in certificate Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html FreeRADIUS -- users' list info<http://www.freeradius.org/list/users.html> www.freeradius.org<http://www.freeradius.org> Users' List Information. The freeradius-users mailing list is for users of the FreeRADIUS server not Cistron's server! There are a few house-rules to which we'd like ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html