When I enable RASTLS, I see the following
error:
[1304] 19:33:27:968:
EapTlsInvokeIdentityUI
[1304] 19:33:27:968: GetCertInfo
[1304]
19:33:27:984: FCheckSCardCertAndCanOpenSilentContext
[1304] 19:33:27:984:
FGetEKUUsage
[1304] 19:33:27:984: Acquiring Context for Container Name:
{226FADA0-66DE-4423-BFBF-448D710E1BF2}, ProvName: Microsoft Base Cryptographic
Provider v1.0, ProvType 0x1
[1304] 19:33:28:000: FCheckTimeValidity
[1304]
19:33:28:000: Add Selected Cert to List
[1304] 19:33:28:000:
FCheckSCardCertAndCanOpenSilentContext
[1304] 19:33:28:000:
FGetEKUUsage
[1304] 19:33:28:000: Acquiring Context for Container Name:
{F4FC41A8-ECDF-4B9A-A613-A457D74DDFF8}, ProvName: Microsoft Enhanced
Cryptographic Provider v1.0, ProvType 0x1
[1304] 19:33:28:015:
FCheckTimeValidity
[1304] 19:33:28:015: Add Selected Cert to List
[1304]
19:33:28:015: GroupCertificates
[1304] 19:33:35:078:
[1304] 19:33:35:078:
EapTlsBegin(Jurgen Tessers)
[1304] 19:33:35:078: State change to
Initial
[1304] 19:33:35:078: EapTlsBegin: Detected 8021X
authentication
[1304] 19:33:35:078: MaxTLSMessageLength is now
16384
[1304] 19:33:35:078:
[1304] 19:33:35:078: EapTlsMakeMessage(jurgen
tessers)
[1304] 19:33:35:078: >> Received Request (Code: 1) packet: Id:
1, Length: 6, Type: 13, TLS blob length: 0. Flags: S
[1304] 19:33:35:078:
EapTlsCMakeMessage
[1304] 19:33:35:078: EapTlsReset
[1304] 19:33:35:078:
State change to Initial
[1304] 19:33:35:078: GetCredentials
[1304]
19:33:35:078: Flag is Client and Store is Current User
[1304] 19:33:35:078:
GetCachedCredentials
[1304] 19:33:35:078: FreeCachedCredentials
[1304]
19:33:35:078: AssociatePinWithCertificate
[1304] 19:33:35:093: The name in
the certificate is: Jurgen Tessers
[1304] 19:33:35:093: Will validate server
cert
[1304] 19:33:35:125: MakeReplyMessage
[1304] 19:33:35:125:
SecurityContextFunction
[1304] 19:33:35:125: InitializeSecurityContext
returned 0x90312
[1304] 19:33:35:125: State change to SentHello
[1304]
19:33:35:125: BuildPacket
[1304] 19:33:35:125: << Sending Response
(Code: 2) packet: Id: 1, Length: 80, Type: 13, TLS blob length: 70. Flags:
L
[2448] 19:33:35:140:
[2448] 19:33:35:140: EapTlsMakeMessage(jurgen
tessers)
[2448] 19:33:35:140: >> Received Request (Code: 1) packet: Id:
2, Length: 1030, Type: 13, TLS blob length: 1020. Flags: L
[2448]
19:33:35:140: EapTlsCMakeMessage
[2448] 19:33:35:140:
MakeReplyMessage
[2448] 19:33:35:140: Reallocating input TLS blob
buffer
[2448] 19:33:35:140: SecurityContextFunction
[2448] 19:33:35:281:
InitializeSecurityContext returned 0x80096004
[2448] 19:33:35:281: State
change to RecdFinished. Error: 0x80096004
[2448] 19:33:35:281:
BuildPacket
[2448] 19:33:35:281: << Sending Response (Code: 2) packet:
Id: 2, Length: 6, Type: 13, TLS blob length: 0. Flags:
[2448] 19:33:35:281:
[2448] 19:33:35:281: EapTlsMakeMessage(jurgen tessers)
[2448]
19:33:35:281: >> Received Request (Code: 1) packet: Id: 3, Length: 10,
Type: 13, TLS blob length: 0. Flags: L
[2448] 19:33:35:281:
EapTlsCMakeMessage
[2448] 19:33:35:281: Unexpected code: 1 in state
RecdFinished
[2448] 19:34:05:296: EapTlsEnd
[2448] 19:34:05:296:
EapTlsEnd(jurgen tessers)
[2448] 19:34:05:296: Auth failed so freeing
cached creds.
[2448] 19:34:05:296: FreeCachedCredentials
[2448]
19:34:05:296:
[2448] 19:34:05:296: EapTlsBegin(Jurgen Tessers)
[2448]
19:34:05:296: State change to Initial
[2448] 19:34:05:296: EapTlsBegin:
Detected 8021X authentication
[2448] 19:34:05:296: MaxTLSMessageLength is now
16384
etc, etc . . ..
----- Original Message -----
Sent: Monday, October 10, 2005 2:18
AM
Subject: Re: authenticate problem XP
eap/tls
Make sure that you either don't validate the server
certificate, or that if you do, that the CA is selected.
The XP
supplicant will just keep hammering at the server without accepting the
response if the CA / server checking doesn't pass.
The other thing to
do is look at the RASTLS (and/or EAPOL) logs.
eg:
netsh ras set tracing rastls enabled
And then take a look at the files in c:\windows\tracing
Cheers,
Ben
On 10/10/05, Thuis
Algemeen <thuis-algemeen@chello.nl>
wrote:
Thanks
Allan,
I used a file called xpextensions with both a client section
and server a
server section.
The client certificate present on the
laptop display's : Clientverificatie
(1.3.6.1.5.5.7.3.2)
The server
certificate present on the server display's : Verificatie van de
server
(1.3.6.1.5.5.7.3.1)
----- Original Message -----
From: "Alan
DeKok" <aland@ox.org>
To:
"FreeRadius users mailing list" <
freeradius-users@lists.freeradius.org>
Sent: Sunday, October 09,
2005 5:49 PM
Subject: Re: authenticate problem XP eap/tls
>
"Thuis Algemeen" <
thuis-algemeen@chello.nl> wrote:
>> Here the log
from freeradius, the onl error I can see is :
>> "TLS_accept:error
in SSLv3 read client certificate A".
>
> That error
is in the middle of the authentication session, and
> doesn't mean
anything.
>
> Do the certificates you're using have
the Windows OID?
>
> Alan DeKok.
>
>
-
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List
info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html