EAP doest work with Cisco Catalyst 2950?

Thai Duong thaidn at yahoo.com
Wed Jul 26 13:11:31 CEST 2006



--- Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> openssl x509 -noout -text -in theserver.crt
> 
> ...will show things like:
> 
>              X509v3 Key Usage:
>              Digital Signature, Key Encipherment
>              X509v3 Extended Key Usage:
>              TLS Web Server Authentication
> 
> ...the latter being the one you're looking for.
> 
> As Alan says, it's almost certainly oids, but
> regardless the problem is 
> not at the FreeRadius side - you should look to the
> debugging on the 
> cisco switch and/or the windows client ("netsh * set
> tracing on" and 
> logfiles somewhere under c:\windows)

The output of my server certificate contains:
X509v3 Extended Key Usage:
TLS Web Server Authentication

As you advise, I turned tracing on and found that the
SSL handshake was not completed, the client kept
sending "Client Hello" packet but got no response from
the server. But when looking at Ethereal's dump file,
I saw that the server actually sent its certificate in
the Access-Challenge packet. I even unchecked
"Validate server certificate" in the client setting
but still no luck. What am I supposed to do now? I'm
gonna be crazy  please help.

TIA,

Thai Duong.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the Freeradius-Users mailing list