Hi folks: I'm still trying to configure any authentication method that includes a client certificate validation (PEAP, EAP-TTLS... ) behind my window-vista supplicant software client, but unfortunately no successfully. Attached to this mail is the output of one PEAP try. The authentication starts once and again forever, in a loop, but never ends successfully. I have verify that the client certificate include the Microsoft extensions # openssl x509 -text -in client.pem X509v3 extensions: X509v3 Extended Key Usage: TLS Web Client Authentication and also... I have signed certificates by using the Makefile from version 2.1.8 (latest one) I'm a bit frustrated with this "certificates" locking point. Thanks a lot in advance for your help. Regards, Fernando.
hi, not sure about your mix of PEAP or EAP-TTLS iwht client certificate - usually these systems use another form of user auth - such as password, generic token card etc .... what you need is the server certificate and you also need to ensure that the CA that signed the servr cert is installed on the windows system - plenty of sites that say how to do this - or you can simply google for eg wireless setup instructions (most universities are starting to have very good pages ;-) ) EAP-TLS uses client certificates - and if you eg put the matching entry for the CN into the users file then it'd know that user/cert is valid (to reject you need to revoke the cert) alan
Fernando Calvelo Vazquez wrote:
Hi folks:
I'm still trying to configure any authentication method that includes a client certificate validation (PEAP, EAP-TTLS... ) behind my window-vista supplicant software client, but unfortunately no successfully. Attached to this mail is the output of one PEAP try. The authentication starts once and again forever, in a loop, but never ends successfully.
There are two ways to figure out what's going on. 1) test it with a real client to be sure it works. See http://deployingradius.com/ for instructions on using eapol_test. You can also use client certificates. See the wpa_supplicant docs for more information. 2) debug Windows http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx If (1) works with client certs, then the issue is only (2).
I'm a bit frustrated with this "certificates" locking point.
Blame Microsoft. They put great effort into breaking inter-operability, and in ensuring that it's nearly impossible for administrators to quickly discover the cause of the problem. Alan DeKok.
participants (3)
-
Alan Buxey -
Alan DeKok -
Fernando Calvelo Vazquez