EAP-TLS Machine Authentication problems

tnt at kalik.co.yu tnt at kalik.co.yu
Fri Jan 18 22:06:47 CET 2008


>
>Looking at User cert request ID #52 and Computer cert request ID #40
>(Where the "SSLv3 read client certificate A" error occurs) they are
>pretty much identical. The next messages in the sequence (#53/#41)
>are also almost identical (the freeradius reply is identical right down
>to the EAP-Message blobs in the response). The message after that
>is where things appear to go wrong, in User #54, a ton of EAP data
>comes in from the client, the client cert details show up, and
>authentication seems to be wrapping up; but in Computer #42 barely
>anything appears in the EAP blobs and the process appears to start
>cycling over again.
>
>Thanks
>
>-- Mike Olson
>

Yes, there is a mismatch that's something to do with MS adding $ to the
end of machine accounts, so certificate data is not sent. I don't know
how to fix this but I am sure there are people on the list that do.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list