PEAP-MSCHAP failure. Please help
Alan DeKok
aland at deployingradius.com
Wed Oct 18 18:48:42 CEST 2006
"Jack Daniels" <da_very_newbie at hotmail.com> wrote:
> Is there a way to dump more information about what is going on in the TLS
> conversation in freeradius?

No. What more information do you think you would need?

> Why even if EAP doesn't fail it can't reach the mschap part?

Because the Windows client stops talking to the server.

> Should I consider this part
> (other): SSL negotiation finished successfully
> rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
> SSL Connection Established
> as a failure or a success?

I could swear that message has the word "successfully" in it. That
looks a whole lot like "success" to me.

> In the client computer, if I uncheck the "Validate server certificate"
> option everything runs smoothly.

Then the problem is that you didn't create the certificates with the
magic OIDs. See http://wiki.freeradius.org/WPA_HOWTO and
http://www.alphacore.net/contrib/nantes-wireless/eap-tls-HOWTO.html

If you didn't use the "xpextensions" file, Windows won't like the
certs.

> I'm using FreeRadius v 1.1.3. Certificates when created were verified with
> openssl verify and everything was ok.

They're certs, but they're not certs Windows likes.

I think for the next rev of the server, we'll take a look at putting
huge screaming messages in the logs if the certs don't have the OIDs.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
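
A check for the situation in this thread, added here as an example (it is not part of the original message or of FreeRADIUS): `openssl verify` only validates the chain, so this script looks for the server-authentication Extended Key Usage, OID 1.3.6.1.5.5.7.3.1, which is the value the "xpextensions" file sets for server certificates. It assumes the `openssl` command-line tool is installed; the function names, the subject name and the two throwaway certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): test a certificate for the serverAuth
# EKU, OID 1.3.6.1.5.5.7.3.1, the value xpextensions sets in [xpserver_ext].

# Return 0 if the PEM certificate in $1 lists "TLS Web Server Authentication"
# (OpenSSL's name for 1.3.6.1.5.5.7.3.1) under Extended Key Usage.
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Server Authentication'
}

# Create a throwaway self-signed certificate $1/$2.pem using extension
# section $3 of a constructed config. Names and subject are made up.
make_demo_cert() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = radius.example.test
[xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
[no_eku]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/demo.cnf" -extensions "$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Print one verdict line per certificate file given as an argument.
report() {
    for cert in "$@"; do
        if has_server_auth_eku "$cert"; then
            echo "$cert: serverAuth EKU present"
        else
            echo "$cert: serverAuth EKU MISSING"
        fi
    done
}

# Demo on constructed certificates; call report with real paths instead.
tmp=$(mktemp -d)
make_demo_cert "$tmp" with_eku xpserver_ext
make_demo_cert "$tmp" without_eku no_eku
report "$tmp/with_eku.pem" "$tmp/without_eku.pem"
rm -rf "$tmp"
```

Both demo certificates are well-formed X.509, yet only the first is reported as carrying the EKU, which is the gap between "they're certs" and "certs Windows likes".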
More information about the Freeradius-Users mailing list