Windows Client Authentification bevore Domain logon
Ben Walding
ben.walding at gmail.com
Thu Aug 25 13:15:45 CEST 2005
I also found using machine certificates to be hit and miss (some
machines they'd be picked up, others they wouldn't - all XP SP2 with
appropriate patches).
And then I stumbled on this
http://lists.cistron.nl/pipermail/freeradius-users/2004-July/034141.html
1.3.6.1.4.1.311.17.2
After I started adding that OID to my machine certs, everything
started working wonderfully.
I shook my fist at Microsoft that day!
Cheers,
Ben
On 8/25/05, Steven Atkinson <atn at fallibroome.cheshire.sch.uk> wrote:
> Armin,
>
> At 15:40 24/08/05, you wrote:
>
> >Ok, the hole day i tried to get it to work but this time when i install
> >the certificate as a machine zertifikate the radius authentifikation log
> >ends up with this log below.
> >
> >The Certificates where generated with openssl and all works fine as User
> >certificates but not as computer zertificate. I set the Registry Patch
> >which was diescribed in the mailing list to a value of 2.
>
> As Ben has suggested in another email, there are some required extensions
> to the certificates to enable Windows to authenticate. How did you make
> your certificates, I followed the instructions in
> http://www.linuxjournal.com/article/8095.
>
> Steve Atkinson
>
>
> Fallibroome High School
> Priory Lane
> Macclesfield
> Cheshire
> SK10 4AF
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list