AW: Noone anny idea fot --> TLS Athentifikation before Domain, Logon XP?

Armin Krämer Kraemer.Armin at web.de
Tue Jan 10 16:48:59 CET 2006


I posted 3 days ago an mesage with 2 logfiles out of radius. Because this is
a part of my Projekt for my final exam as an IT-Engineer it is verry
important for me getting this working. Maybe someone of you has any further
idea? Or would it be better to contact the openssl Team for this issue? You
think this is an Certificate Problem or a Problem of the Freeradius Config?

Greetings Armin
-----Ursprüngliche Nachricht-----
Von: freeradius-users-bounces+kraemer.armin=web.de at lists.freeradius.org
[mailto:freeradius-users-bounces+kraemer.armin=web.de at lists.freeradius.org]
Im Auftrag von Armin Krämer
Gesendet: Freitag, 6. Januar 2006 22:21
An: freeradius-users at lists.freeradius.org
Betreff: Noone anny idea fot --> TLS Athentifikation before Domain, Logon
XP?

Sorry, forgotte to attach the files...

Okay, i tested on and found an difference. I attach 2 Files. One is the
output with an normal Client-Certificate the other with an Certifikate with
the OID 1.3.6.1.4.1.311.17.2.

In both cases the Certifikate is rejected with Error in Certifikate A. 

The Client Certifikate ist tested as Client-Certifikate and works when
installed as an normal Account Certifikate. 

Sems like the mistake is at the Certifikate itself??? When i generated the
Special Machine Certifikate i changed out the normal OID against the other
one described above. Or may i have to add OID as a second OID to the
certifikate?
Thanks for helping.

:-)
 

-----Ursprüngliche Nachricht-----
Von: j.cluzel at online.fr [mailto:j.cluzel at online.fr]
Gesendet: Freitag, 6. Januar 2006 21:11
An: Kraemer.Armin at web.de
Betreff: Re: Noone anny idea fot --> TLS Athentifikation before Domain,
Logon XP?

Hello,

- login as local administrateur
- start mmc.exe
- add certificate / computer account / local computer (note sure for names,
my XP is french, so I translate)
- Then, in the tree, select root certification autority/Certificates
- Right click, All tasks/Import
- select your "root.der"
- Then, in the tree, select Personnal/Certificates
- Right click, All tasks/Import
- select your "machine.p12"
- enter your "private key"
- close mmc
- set AuthMode to "2" in registry
- in computer panel/Network connection/wireless connection
- tab "Association" WPA & TKIP
- tab "Auth" check "Authenticate as computer..."
- tab "Auth"/Properties check "Validate serveur certificate" and select your
certificate in the list, !!! Be aware, in "property", you add to check
"Connexion to these servers", but let it uncheck for testing
- Pray... ;-)

Hope it helps.
FYI, it works for me.

Regards,

Jeremy







More information about the Freeradius-Users mailing list