Problems using EAP-TLS with freeradius version 2

Alan DeKok aland at deployingradius.com
Wed Jan 30 12:42:09 CET 2008


Stefan Puch wrote:
> Then some people came with their mobile devices which are running Windows Mobile
> 2003, Windows Mobile 5 (WM5) or Windows Mobile 6 (WM6) and the problems began.
> The same EAP-TLS certificate which worked fine on a Windows XP machine doesn't
> work on e.g. Windows Mobile 6 PDA.

  You have to love Microsoft...

> With the new version 2.0.1 the Windows and Linux Laptops are not able to
> authenticate any more with the freeradius server (the certificates are still the
> same). The server sends an ACCESS, but the behavior is as described in the FAQ
> "PEAP or EAP-TLS Doesn't Work with a Windows machine". Downgrading to the
> previous version of freeradius 1.1.7 makes them work again, freeradius version
> 2.0.0 doesn't work either.

  The EAP-TLS code was substantially re-worked in 2.0.0.  It was tested
with Vista, XP SP1, XP SP2, Linux systems, MAC.  It's working "live" in
environments with many, many different OS's and architectures.

  So it *should* work.

> So, what would be helpful to analyze the problem? All config files or just the
> output from radiusd -X from both versions in order to make a diff or should I
> open a new bug in the tracking system as well?

  ethereal packet traces of the RADIUS traffic would help.  But I would
first suggest trying to use the test certificates that come with 2.0.1.
If those work, then the issue isn't 2.0.0 versus 1.1.7, it's that there
is something special about the certificates you're using.

  Alan DeKok.


