EAP/TLS
Kwok Sianbin
sianbin_kwok at yahoo.com
Wed Jul 9 10:06:19 CEST 2008
Thanks for the tips.
If the certificates are fine then
the only problem here is the radius server.
XP can not authenticate the client & can't get connected.
here the output
Ready to process requests.
User-Name = "MarsNet_Client"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:03:66"
Calling-Station-Id = "00:1c:f0:10:56:b8"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02020013014d6172734e65745f436c69656e74
Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010300060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7382effe7381e2540240fd45d4418b28
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 4 ID 1 with timestamp +930
Ready to process requests.
User-Name = "MarsNet_Client"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:30:1a:29:03:66"
Calling-Station-Id = "00:1c:f0:10:56:b8"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02010013014d6172734e65745f436c69656e74
Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae557800ae5775e5b09645c04263a306
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 5 ID 3 with timestamp +950
Ready to process requests.
--- On Mon, 7/7/08, Ivan Kalik <tnt at kalik.net> wrote:
From: Ivan Kalik <tnt at kalik.net>
Subject: Re: Private key
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Date: Monday, July 7, 2008, 10:38 PM
Why do you care if "Windows does not have enough information to verify
this certificate"? Does radius server have any problems with it?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080709/490ad1ff/attachment.html>
More information about the Freeradius-Users
mailing list