3com wx - peap-mschapv2 - freeradius - mysql

Alessandro Agostini A.Agostini at ifac.cnr.it
Fri Jun 16 14:31:42 CEST 2006


Stefan Winter wrote:
> Hi!
> 
>> It is incredible! I have just installed SecureW2 and all is ok now!
>> Have you any idea why XP SP2 didn't work? For my users it will be more
>> comfortable to use the XP interface instead of installing and using SecureW2.
> 
> I guess that is because Windows XP requires the TLS Server Certificate 
> Extension to be present in the certificate, while SecureW2 doesn't.
> You can easily verify if your certificate is right for Win XP:
> 
> openssl x509 -in certfile.pem -text
> 
> The output must contain the following lines:
> 
>         X509v3 extensions:
>             X509v3 Extended Key Usage:
>                 TLS Web Server Authentication
> 
> If this extension isn't present, things won't work with the built-in 
> supplicant, then you need another certificate. SecureW2 is not as picky about 
> that, so the cert is still fine for SecureW2 and EAP-TTLS.
> 
I manually generated the certificate three days ago, so I will search for the right 
way to generate the certificate with the right extension, thanks.

> Windows XP supplicant being more comfortable? Arguably. Personally, I find it 
> one of the worst-ever designed User Interfaces. Almost no one gets the 
> correct, secure configuration right on first attempt. 
> You can generate an automated installer with SecureW2, where most of the 
> settings for your users are preconfigured (a "Site Deployment"). This makes 
> it almost as easy as a double-click to get things running.
> 
Interesting, I'll also check this possibility. Also, I think that it is better 
than the XP dialogs!

>> A second problem. I have activated accounting but in "radacct" (log file
>> and mysql table) I can't see the IP address of the supplicant client. I see
>> only the nas ip address.
>> Is there some parameter to specify to add this feature?
> 
> Well, the server can only log what the NAS (Access Point) sends to it. You 
> will need to configure your Access Point to send the client's IP address. It 
> depends on your model of Access Point how to do this, if it's at all 
> possible. I don't have a 3Com Access Point, so I have no idea how to do it. 
> It sure comes with a manual, though.
> 
OK.
Thanks again for your support!
Alessandro
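
The certificate check described in the quoted reply, together with one way to issue a server certificate that passes it, as an added example that is not part of the original messages. The CA name, host name and file names are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example, not from the thread. CNs and file names are constructed.

# Succeeds only if the certificate explicitly lists the serverAuth EKU,
# i.e. the lines the reply above says must appear in the -text output.
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Server Authentication'
}

# Build a throwaway CA and a server certificate in directory $1.
# $2 = yes signs with extendedKeyUsage=serverAuth; anything else omits it.
make_server_cert() {
    dir=$1; with_eku=$2
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = radius.example.org
[ca_ext]
basicConstraints = critical,CA:TRUE
[server_ext]
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -config "$dir/openssl.cnf" -extensions ca_ext \
        -subj '/CN=Example Test CA' -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -new -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1 || return 1
    if [ "$with_eku" = yes ]; then
        set -- -extfile "$dir/openssl.cnf" -extensions server_ext
    else
        set --
    fi
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 "$@" \
        -out "$dir/server.pem" >/dev/null 2>&1
}

# Demo: sign once with and once without the extension, then run the check.
tmp=$(mktemp -d) || exit 1
for eku in yes no; do
    make_server_cert "$tmp" "$eku" || { echo "openssl failed"; break; }
    if has_server_auth_eku "$tmp/server.pem"; then r=present; else r=MISSING; fi
    echo "signed with EKU=$eku: serverAuth $r"
done
rm -rf "$tmp"
```

The check greps the `-text` output rather than using `openssl x509 -purpose`, because `-purpose` also reports a certificate with no Extended Key Usage extension as usable for an SSL server.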



