RE: EAP-TLS & computer account(not user)
You (or whoever makes these certificates) have set up certificate creation that way. Change it so that CN is equal to User-Name. Ivan Kalik Kalik Informatika ISP Dana 9/10/2008, "Guk Victor" <v.guk@zaz.zp.ua> piše:
I use eap-tsl for the registration record of computer. It is necessary
to open access to the network to pressure of Ctrl+Alt+Del. I will not understand what is the matter:
..
radius_xlat: 'host/cit44' rlm_eap_tls: checking certificate CN (cit44) with xlat'ed value (host/cit44) rlm_eap_tls: Certificate CN (cit44) does not match specified value (host/cit44)! chain-depth=0, error=0 --> User-Name = host/cit44 --> BUF-Name = cit44 --> subject = /C=UA/ST=Berkshire/L=Newbury/O=zaz/OU=mis/CN=cit44 --> issuer = /C=UA/ST=ZaporozshE/L=ZP/O=ZAZ/OU=MIS/CN=Administrator --> verify return:0
..
User-Name and CN are not the same. Create a proper certificate.
I created new certificate from CN=host/cit44. This is what it is obtained:
radius_xlat: 'host/host/cit44' rlm_eap_tls: checking certificate CN (host/cit44) with xlat'ed value (host/host/cit44) rlm_eap_tls: Certificate CN (host/cit44) does not match specified value (host/host/cit44)! chain-depth=0, error=0 User-Name = host/host/cit44 BUF-Name = host/cit44 subject = /C=UA/ST=Berkshire/L=Newbury/O=zaz/OU=mis/CN=host/cit44 issuer = /C=UA/ST=ZaporozshE/L=ZP/O=ZAZ/OU=MIS/CN=Administrator verify return:0 Why to User-Name is added "/host"?
participants (2)
-
Guk Victor -
tnt@kalik.net