eap/peap oid on certs

Eshun Benjamin bkeshun at yahoo.fr
Tue Jul 10 12:08:45 CEST 2007


Hi Alan,
You are doing good job and  kudos to your team. Just want some clarafication on this issue.
 
make_cert_command = "${certdir}/bootstrap";
its excellent tool but it only creates clientAuth and serverAuth and
does not add PEAP which ofcourse one can add by himself.  Eventhough
freeradius will authenticate some supplicants will require users to
first time save the cert. Windows supplicants the oids :  xpclient_ext
and xpserver_ext  and on MAC supplicants ? ; it usually pops up message
"the server certificate is not trusted because there no explicit trust
settings"  what explicit trust settings is it looking for - does it require the setting of eap oid ?. The question
is what is the difference between web server and radius server
certificates with respect to ssl and wireless in the context of EAP,
PEAP. Does it matter if the cn is the SSID of the wireless network for
radius server auth and server domain name for webserver auth?

[ PEAP ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

[
 clientAuth ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ serverAuth ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
 
================================================== 
Benjamin K. Eshun







      _____________________________________________________________________________ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070710/d9db2bba/attachment.html>


More information about the Freeradius-Users mailing list