Everything lookslike it works, but PC is not authentified
K. Hoercher
wbhoer at gmail.com
Mon Sep 4 11:22:02 CEST 2006
On 9/4/06, Alexandros Gougousoudis <gougousoudis at kh-berlin.de> wrote:
> I read that again and again, but I already have these OID in the certs.
> Here a dump of my server-cert:
No, you don't.
from Alan's post:
# 1.3.6.1.4.1.311.17.2
while "TLS Web Server Authentication" is 1.3.6.1.5.5.7.3.1
and "TLS Web Client Authentication" is 1.3.6.1.5.5.7.3.2
> What else could be a problem? How do you guys handle the
> "host/<netbiosname>" problem? Could that brake the cert?
Currently that doesn't even get considered, as according to your log
you don't check for the CN. Afaik you might strip it by using the
with_ntdomain_hack directive.
Further changes changes depend on the eap type you want to use. I have
already asked about that.
regards
K. Hoercher
More information about the Freeradius-Users
mailing list