EAP-TLS/PEAP problem

Joel MBA OYONE mba_oyone at yahoo.fr
Wed Apr 30 13:23:46 CEST 2008 

Well, as i am very very newbie on Linux. iuse to work on win2000/2003 before.
 i chose the easyway to install freeradius; the "yum" commaand gave me that version.
if the latest version is easy to install manually on fedora and is able to work on a hp proliant ml-370 g5, i take it.
Why not the latest version. It will create and install the certificates
for you. Even if you don't want to install it you can download it and
use it to create certificates.

Ivan Kalik
Kalik Informatika ISP


Dana 30/4/2008, "Joel MBA OYONE" <mba_oyone at yahoo.fr> piše:

>Hello list.
>I am sorry about my poor english skills but hope i could be understood anyway.
>I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my users in the "/etc/raddb/users" file are able to authenticate without no problem.
>i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two sheets) which is very helpfull.
>but on the second part of the tuto, i encounter a problem with the extensions part:
>- it is said to create a file named "extensions" (my case /etc/pki/tls/extensions) and to copy that lines into:
>[ xpclient_ext]
>extendedKeyUsage = 1.3.6.1.5.5.7.3.2
>[ xpserver_ext ]
>extendedKeyUsage = 1.3.6.1.5.5.7.3.1
>and then to modify my previous certificate like that:
># openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
># openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreq.pem 
>when i do this, the system give me an error message:
>[root at ensiasra ensiasCA]# pwd
>/etc/pki/CA/ensiasCA
>[root at ensiasra ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions xpserver_ext -infiles certs/radiusserverreq.pem 
>Using configuration from /etc/pki/tls/openssl.cnf
>Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
>Error Loading extension section xpserver_ext
>4230:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
>[root at ensiasra ensiasCA]# 
>
>i suppose i have problem creating extensions.... 
>there's a long time i try to fix it (and some many before), and right now, i come and ask your help to fix it.
>thanx for helping
>
> 
>MBA OYONE JoĂŤl
>Lot.. El Firdaous
>Bât GH20, Porte A 204, Appt 8
>20000 Oulfa
>Casablanca - Maroc
> 
>TĂŠl. : +212 69 25 85 70
>
>__________________________________________________
>Do You Yahoo!?
>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicitĂŠs 
>http://mail.yahoo.fr Yahoo! Mail
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail

More information about the Freeradius-Users mailing list