No one any idea for --> TLS Authentication before Domain Logon XP?
Timothy J. Miller
tmiller at mitre.org
Fri Jan 6 20:03:46 CET 2006
Armin Krämer wrote:
> I tried out the registry patch AuthMode with a value of 2 which causes
> windows to authenticate with the machine certificate only. Then I
> generated a client certificate with openssl with the special OID
> 1.3.6.1.4.1.311.17.2 which was posted in the mailing list some time ago.
> But with this certificate authentication fails.
The correct OIDs are:
RADIUS server certificate: 1.3.6.1.5.5.7.3.1 (TLS Server Authentication)
Client certificate: 1.3.6.1.5.5.7.3.2 (TLS Client Authentication)
> Is there anybody who successfully managed that problem and can describe
> me how he solved this problem step by step. I think the problem is the
> machine certificate.
Bump up Schannel logging to see what's really happening:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Key: EventLogging
Value: 4 (log everything)
-- Tim
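
Added example (not part of the original post and not FreeRADIUS or Microsoft code): a standard-library Python check that reads the extendedKeyUsage extension from DER bytes and reports whether it carries the OID listed above for the given role. The function names and the two sample Extension byte strings are constructed for illustration; the second sample carries only 1.3.6.1.4.1.311.17.2.

```python
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"      # RADIUS server certificate
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"      # client (machine) certificate
EKU_EXT = bytes.fromhex("0603551d25")  # DER of OID 2.5.29.37, extendedKeyUsage

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode DER OID content bytes to dotted-decimal text."""
    subs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends a sub-identifier
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def eku_oids(der):
    """EKU OIDs in a DER certificate or bare Extension; [] when absent."""
    start = der.find(EKU_EXT)              # locate the extension by its OID bytes
    if start < 0:
        return []
    tag, value, pos = read_tlv(der, start + len(EKU_EXT))
    if tag == 0x01:                        # optional 'critical' BOOLEAN
        tag, value, pos = read_tlv(der, pos)
    if tag != 0x04:                        # extnValue is an OCTET STRING
        raise ValueError("malformed extendedKeyUsage extension")
    _, seq, _ = read_tlv(value, 0)         # SEQUENCE OF KeyPurposeId
    oids, p = [], 0
    while p < len(seq):
        t, body, p = read_tlv(seq, p)
        if t == 0x06:                      # OBJECT IDENTIFIER
            oids.append(decode_oid(body))
    return oids

def check_role(der, role):
    """role is 'server' or 'client'; returns (ok, oids_found)."""
    oids = eku_oids(der)
    return (SERVER_AUTH if role == "server" else CLIENT_AUTH) in oids, oids

# Constructed samples (not from the post): Extension { EKU, OCTET STRING { SEQUENCE { OID } } }
GOOD_CLIENT = bytes.fromhex("30130603551d25040c300a06082b06010505070302")
MS_OID_ONLY = bytes.fromhex("30140603551d25040d300b06092b0601040182371102")
```

For a certificate on disk, ssl.PEM_cert_to_DER_cert() from the standard library converts PEM text into the DER bytes these functions expect.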
More information about the Freeradius-Users
mailing list