Hi, Need Help!! I had generated from the server CA.der, client.p12 and server.p12. CA.der installed in XP Prof and work fine but client.p12 got problem "Windows does not have enough information to verify this certificate". "You have a private key thas corresponds to this certificate". should I install server.p12 as well? Can anyone give me a hand to solve this.
Why do you care if "Windows does not have enough information to verify this certificate"? Does radius server have any problems with it? Ivan Kalik Kalik Informatika ISP
Thanks for the tips. If the certificates are fine then the only problem here is the radius server. XP can not authenticate the client & can't get connected. here the output Ready to process requests. User-Name = "MarsNet_Client" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02020013014d6172734e65745f436c69656e74 Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010300060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7382effe7381e2540240fd45d4418b28 Finished request 4. Going to the next request Waking up in 4.9 seconds. Cleaning up request 4 ID 1 with timestamp +930 Ready to process requests. User-Name = "MarsNet_Client" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02010013014d6172734e65745f436c69656e74 Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xae557800ae5775e5b09645c04263a306 Finished request 5. Going to the next request Waking up in 4.9 seconds. Cleaning up request 5 ID 3 with timestamp +950 Ready to process requests. --- On Mon, 7/7/08, Ivan Kalik <tnt@kalik.net> wrote: From: Ivan Kalik <tnt@kalik.net> Subject: Re: Private key To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Monday, July 7, 2008, 10:38 PM Why do you care if "Windows does not have enough information to verify this certificate"? Does radius server have any problems with it? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
++[eap] returns handled
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7382effe7381e2540240fd45d4418b28
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 4 ID 1 with timestamp +930
Ready to process requests.
User-Name = "MarsNet_Client"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:03:66"
Calling-Station-Id = "00:1c:f0:10:56:b8"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02010013014d6172734e65745f436c69656e74
Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449
+- entering group authorize
Your client is broken. State attribute from the challenge must be returned in the next request. Ivan Kalik Kalik Informatika ISP
Kwok Sianbin escribió:
Thanks for the tips. If the certificates are fine then the only problem here is the radius server. XP can not authenticate the client & can't get connected.
here the output Ready to process requests. User-Name = "MarsNet_Client" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02020013014d6172734e65745f436c69656e74 Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010300060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7382effe7381e2540240fd45d4418b28 Finished request 4. Going to the next request Waking up in 4.9 seconds. Cleaning up request 4 ID 1 with timestamp +930 Ready to process requests. User-Name = "MarsNet_Client" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02010013014d6172734e65745f436c69656e74 Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xae557800ae5775e5b09645c04263a306 Finished request 5. Going to the next request Waking up in 4.9 seconds. Cleaning up request 5 ID 3 with timestamp +950 Ready to process requests.
--- On *Mon, 7/7/08, Ivan Kalik /<tnt@kalik.net>/* wrote:
From: Ivan Kalik <tnt@kalik.net> Subject: Re: Private key To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Monday, July 7, 2008, 10:38 PM
Why do you care if "Windows does not have enough information to verify this certificate"? Does radius server have any problems with it?
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Información de NOD32, revisión 3253 (20080709) __________
Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
Have you read last lines of eap.conf?
participants (3)
-
Ivan Kalik -
Kwok Sianbin -
Sergio Yébenes Moreno