What kind of error in client-cert using EAP?

Alexandros Gougousoudis gougousoudis at kh-berlin.de
Thu Sep 21 12:58:15 CEST 2006


Hi,

it works now. Thanks Thibault, you saved my day, again! :-)

> - the extension SubjectAltName must contain the Netbios name of the PC 
> (I think)

This had no meaning in my tests. Anyway, there must be chosen a type of 
that field. Did you take DNS-Name, Email or Raw? I took now DNS-Name, 
but in another case there was an email in that field and the systems 
authetifies without problems. So I think you can leave this field out.

> I've seen that you integrate the emailaddress in the subject (an option 
> in TinyCA): can you disable this ?

Yupp, this was the mistake. It is somehome on by default. I switched it 
off and created new certs as you wrote and the XP Machine works now too. 
Hell, I gonna print your mail and hang it in front of me.

> This is ok, but are the certificates _exactly_ generated in the same way ?

Obiously not. As I made the same mistake over and over again. I have now 
only the problem of one W2K Machine, not even asking the Radius-Server. 
I assume it's some kind of inkompatibilty of drivers or NIC.

Thanks for your help:

Have that for your trouble: http://www.engelbraeu.de/images/bierkiste.gif

cu
  Alex


-- 
ServiceCenter IT - Alexandros Gougousoudis (Leiter)

Gemeinsame Einrichtung der Kunsthochschule Berlin-Weissensee, Hochschule 
für Musik "Hanns Eisler" und der Hochschule für Schauspielkunst "Ernst 
Busch".

Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445





More information about the Freeradius-Users mailing list