authenticate problem XP eap/tls
Ben Walding
ben.walding at gmail.com
Mon Oct 10 02:18:49 CEST 2005
Make sure that you either don't validate the server certificate, or that if
you do, that the CA is selected.
The XP supplicant will just keep hammering at the server without accepting
the response if the CA / server checking doesn't pass.
The other thing to do is look at the RASTLS (and/or EAPOL) logs.
eg:
netsh ras set tracing rastls enabled
And then take a look at the files in c:\windows\tracing
Cheers,
Ben
On 10/10/05, Thuis Algemeen <thuis-algemeen at chello.nl> wrote:
>
> Thanks Allan,
>
> I used a file called xpextensions with both a client section and server a
> server section.
> The client certificate present on the laptop display's : Clientverificatie
> (1.3.6.1.5.5.7.3.2)
> The server certificate present on the server display's : Verificatie van
> de
> server (1.3.6.1.5.5.7.3.1)
>
> ----- Original Message -----
> From: "Alan DeKok" <aland at ox.org>
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org
> >
> Sent: Sunday, October 09, 2005 5:49 PM
> Subject: Re: authenticate problem XP eap/tls
>
>
> > "Thuis Algemeen" <thuis-algemeen at chello.nl> wrote:
> >> Here the log from freeradius, the onl error I can see is :
> >> "TLS_accept:error in SSLv3 read client certificate A".
> >
> > That error is in the middle of the authentication session, and
> > doesn't mean anything.
> >
> > Do the certificates you're using have the Windows OID?
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051010/11c016a1/attachment.html>
More information about the Freeradius-Users
mailing list