Everything lookslike it works, but PC is not authentified

K. Hoercher wbhoer at gmail.com
Mon Sep 4 11:22:02 CEST 2006


On 9/4/06, Alexandros Gougousoudis <gougousoudis at kh-berlin.de> wrote:
> I read that again and again, but I already have these OID in the certs.
> Here a dump of my server-cert:
No, you don't.
from Alan's post:
# 1.3.6.1.4.1.311.17.2

while "TLS Web Server Authentication" is 1.3.6.1.5.5.7.3.1
and "TLS Web Client Authentication" is 1.3.6.1.5.5.7.3.2

> What else could be a problem? How do you guys handle the
> "host/<netbiosname>" problem? Could that brake the cert?

Currently that doesn't even get considered, as according to your log
you don't check for the CN. Afaik you might strip it by using the
with_ntdomain_hack directive.

Further changes changes depend on the eap type you want to use. I have
already asked about that.

regards
K. Hoercher



More information about the Freeradius-Users mailing list