EAP-TLS/PEAP problem

Ivan Kalik tnt at kalik.net
Wed Apr 30 13:39:36 CEST 2008 

http://www.freeradius.org/download.html

Find the OS version that you have and download the latest freeradius
version rpm.

Ivan Kalik
Kalik Informatika ISP


Dana 30/4/2008, "Joel MBA OYONE" <mba_oyone at yahoo.fr> piše:

>Well, as i am very very newbie on Linux. iuse to work on win2000/2003 before.
> i chose the easyway to install freeradius; the "yum" commaand gave me that version.
>if the latest version is easy to install manually on fedora and is able to work on a hp proliant ml-370 g5, i take it.
>Why not the latest version. It will create and install the certificates
>for you. Even if you don't want to install it you can download it and
>use it to create certificates.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 30/4/2008, "Joel MBA OYONE" <mba_oyone at yahoo.fr> piĹĄe:
>
>>Hello list.
>>I am sorry about my poor english skills but hope i could be understood anyway.
>>I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my users in the "/etc/raddb/users" file are able to authenticate without no problem.
>>i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two sheets) which is very helpfull.
>>but on the second part of the tuto, i encounter a problem with the extensions part:
>>- it is said to create a file named "extensions" (my case /etc/pki/tls/extensions) and to copy that lines into:
>>[ xpclient_ext]
>>extendedKeyUsage = 1.3.6.1.5.5.7.3.2
>>[ xpserver_ext ]
>>extendedKeyUsage = 1.3.6.1.5.5.7.3.1
>>and then to modify my previous certificate like that:
>># openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreqpem
>># openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreqpem 
>>when i do this, the system give me an error message:
>>[root at ensiasra ensiasCA]# pwd
>>/etc/pki/CA/ensiasCA
>>[root at ensiasra ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions xpserver_ext -infiles certs/radiusserverreq.pem 
>>Using configuration from /etc/pki/tls/openssl.cnf
>>Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
>>Error Loading extension section xpserver_ext
>>4230:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=CA_default name=email_in_dn
>>[root at ensiasra ensiasCA]# 
>>
>>i suppose i have problem creating extensions.... 
>>there's a long time i try to fix it (and some many before), and right now, i come and ask your help to fix it.
>>thanx for helping
>>
>> 
>>MBA OYONE JoĂŤl
>>Lot.. El Firdaous
>>Bât GH20, Porte A 204, Appt 8
>>20000 Oulfa
>>Casablanca - Maroc
>> 
>>TÄ‚Ĺ l. : +212 69 25 85 70
>>
>>__________________________________________________
>>Do You Yahoo!?
>>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicitĂŠs 
>>http://mail.yahoo.fr Yahoo! Mail
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>__________________________________________________
>Do You Yahoo!?
>En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicitĂŠs 
>http://mail.yahoo.fr Yahoo! Mail 
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list