How to use CRL by PEAP authentication
Kouji Amemiya
amemiya at allied-telesis.co.jp
Fri Dec 16 09:44:20 CET 2005
Hello,
I'm using FreeRADIUS-1.0.5 on Windows XP with a Windows XP client,
and I'm attempting PEAP authentication.
I was using the certificate published by OpenSSL, and I revoked this certificate.
(With this, the certificate's information was written to the CRL.)
Then I attempted PEAP authentication with this revoked certificate,
but the authentication result was "Access-Accept".
Is my setup amusing?
Please give me advice by all means.
My eap.conf is shown below.
//
eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        leap {
        }
        gtc {
                #challenge = "Password: "
                auth_type = PAP
        }
        tls {
                private_key_password = bbbb
                private_key_file = ${raddbdir}/newcerts/serverkey.pem
                certificate_file = ${raddbdir}/newcerts/servercert.pem
                CA_file = ${raddbdir}/newcerts/cacert.pem
                dh_file = ${raddbdir}/certs/dh
                random_file = ${raddbdir}/certs/random
                # fragment_size = 1024
                # include_length = yes
                CA_path = ${raddbdir}/newcerts/
                check_crl = yes
                check_cert_cn = %{User-Name}
        }
        peap {
                default_eap_type = mschapv2
                copy_request_to_tunnel = yes
                use_tunneled_reply = no
        }
        mschapv2 {
        }
}
--
Kouji Amemiya <amemiya at allied-telesis.co.jp>