EAP-TLS/PEAP problem
Ivan Kalik
tnt at kalik.net
Wed Apr 30 13:11:57 CEST 2008
Why not the latest version. It will create and install the certificates
for you. Even if you don't want to install it you can download it and
use it to create certificates.
Ivan Kalik
Kalik Informatika ISP
Dana 30/4/2008, "Joel MBA OYONE" <mba_oyone at yahoo.fr> piše:
>Hello list.
>I am sorry about my poor english skills but hope i could be understood anyway.
>I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my users in the "/etc/raddb/users" file are able to authenticate without no problem.
>i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two sheets) which is very helpfull.
>but on the second part of the tuto, i encounter a problem with the extensions part:
>- it is said to create a file named "extensions" (my case /etc/pki/tls/extensions) and to copy that lines into:
>[ xpclient_ext]
>extendedKeyUsage = 1.3.6.1.5.5.7.3.2
>[ xpserver_ext ]
>extendedKeyUsage = 1.3.6.1.5.5.7.3.1
>and then to modify my previous certificate like that:
># openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
># openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreq.pem
>when i do this, the system give me an error message:
>[root at ensiasra ensiasCA]# pwd
>/etc/pki/CA/ensiasCA
>[root at ensiasra ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions xpserver_ext -infiles certs/radiusserverreq.pem
>Using configuration from /etc/pki/tls/openssl.cnf
>Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
>Error Loading extension section xpserver_ext
>4230:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
>[root at ensiasra ensiasCA]#
>
>i suppose i have problem creating extensions....
>there's a long time i try to fix it (and some many before), and right now, i come and ask your help to fix it.
>thanx for helping
>
>Â
>MBA OYONE JoĂŤl
>Lot.. El Firdaous
>Bât GH20, Porte A 204, Appt 8
>20000 Oulfa
>Casablanca - Maroc
>Â
>TĂŠl. : +212 69 25 85 70
>
>__________________________________________________
>Do You Yahoo!?
>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicitĂŠs
>http://mail.yahoo.fr Yahoo! Mail
>
More information about the Freeradius-Users
mailing list