Freeradius XP Client without certificate
I need some help again. Is it possible to use Freeradius without certificate on the XP client? If I connect to the WLAN with my Iphone, I don’t need the certificate. Lionne Stangier
Lionne Stangier wrote:
I need some help again.
Is it possible to use Freeradius without certificate on the XP client?
XP requires at least a root certificate for 802.1X authentication.
If I connect to the WLAN with my Iphone, I don’t need the certificate.
It's either doing WEP, or it's ignoring the server certificate. Alan DeKok.
Is it possible to use Freeradius without certificate on the XP client?
XP requires at least a root certificate for 802.1X authentication.
Hmm .. That’s impractical. If some guests come and want to login we need to install the certificates first.
If I connect to the WLAN with my Iphone, I don’t need the certificate.
It's either doing WEP, or it's ignoring the server certificate.
No. It doesn’t use WEP and it doesn’t ignoring the certificate. The certificate is on the phone. You only connect to the WLAN and the background settings filled automatic. Lionne Stangier
Lionne Stangier wrote:
Is it possible to use Freeradius without certificate on the XP client?
XP requires at least a root certificate for 802.1X authentication.
Hmm .. That’s impractical. If some guests come and want to login we need to install the certificates first.
That's how EAP works. If you don't like it, go back 10 years, and change the standards.
If I connect to the WLAN with my Iphone, I don’t need the certificate.
It's either doing WEP, or it's ignoring the server certificate.
No. It doesn’t use WEP and it doesn’t ignoring the certificate. The certificate is on the phone. You only connect to the WLAN and the background settings filled automatic.
That disagrees with what you said earlier: 1) it doesn't need certs 2) the cert is on the phone Be consistent. It's impossible to help you if your story changes from message to message. And you can't change the way some things work. EAP-TLS methods require certificates. Don't blame me, or FreeRADIUS for that. All other products on the market have the same restrictions. Alan DeKok.
That disagrees with what you said earlier:
1) it doesn't need certs 2) the cert is on the phone
I mean you must not manually install the certificate.
And you can't change the way some things work. EAP-TLS methods require certificates. Don't blame me, or FreeRADIUS for that. All other products on the market have the same restrictions.
I don’t blame you or Freeradius, becuase that’s not a Freeradius problem. Pity, that an Iphone can load the certificate automatic and XP Laptop not!
On 07/20/2010 01:12 PM, Lionne Stangier wrote:
That disagrees with what you said earlier:
1) it doesn't need certs 2) the cert is on the phone
I mean you must not manually install the certificate.
And you can't change the way some things work. EAP-TLS methods require certificates. Don't blame me, or FreeRADIUS for that. All other products on the market have the same restrictions.
I don’t blame you or Freeradius, becuase that’s not a Freeradius problem. Pity, that an Iphone can load the certificate automatic and XP Laptop not
It's a damn shame. The XP supplicant has held back 802.1x by a decade. HOWEVER - you can fix this by getting a wireless cert from a commercial provider which is in XPs CA store by default (e.g. verisign). You then need to write tedious instructions telling which 20 boxes to tick in Windows to make sure it does the right thing, but at least you don't have to visit the machine or download anything to it...
It's a damn shame. The XP supplicant has held back 802.1x by a decade.
HOWEVER - you can fix this by getting a wireless cert from a commercial provider which is in XPs CA store by default (e.g. verisign). You then need to write tedious instructions telling which 20 boxes to tick in Windows to make sure it does the right thing, but at least you don't have to visit the machine or download anything to it...
Thank you. It's really a damn shame. I will look for a commercial certificate. Thanks.
I will look for a commercial certificate.
We bought a certificate. I write the new cert name in the eap.conf and comment ca.pem out. But windows don’t get it. Radiusd -X do handshake, and all successful. The Server send access challenge but Windows don’t connect.
Lionne Stangier wrote:
I will look for a commercial certificate.
We bought a certificate. I write the new cert name in the eap.conf and comment ca.pem out. But windows don’t get it.
Radiusd -X do handshake, and all successful. The Server send access challenge but Windows don’t connect.
This is well known. It is in the FAQ, and in the comments in raddb/eap.conf. In short, you did *not* get a certificate that Windows will accept. Read the documentation for details. Look for "Windows". Alan DeKok.
This is well known. It is in the FAQ, and in the comments in raddb/eap.conf.
In short, you did *not* get a certificate that Windows will accept. Read the documentation for details. Look for "Windows".
I know these problems, but the certificate support extensions. It's a cert that should be known in windows trusted root certs. That means theoretically windows have the cert and our server. But I think, I include the cert wrong at the radius server.
participants (3)
-
Alan DeKok -
Lionne Stangier -
Phil Mayers