cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)
Reveal MAP
revealmapp at yahoo.fr
Sun Jul 27 05:07:09 CEST 2008
I read the post: "PEAP or TTLS and Microsoft Vista".
what i remain is i have to test another wireless mlanager differentthan trhe built-in of windows XP. ok, i will as soon as i will be infront of the server (no chance, it's week-end now)
----- Message d'origine ----
De : nf-vale <nf-vale at critical-links.com>
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Envoyé le : Vendredi, 25 Juillet 2008, 20h51mn 58s
Objet : Re : Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)
Are you using vista supplicant? By reading the last lines of your radius
debug file it seems so...
See earlier posts with subject: "PEAP or TTLS and Microsoft Vista".
Sex, 2008-07-25 às 17:10 +0000, Reveal MAP escreveu:
>
>
> > installing ca.der and putting user && pass into client machine, the
> authentication doesn't work?
>
> -- no, it doesn't!
>
> > you only need ca.der but, if you have an active directory like
> LDAP,
> check if your comunication with AD server also have tls
> authentication.
> Into ldap module you can configurate another tls block, which it's
> different than tls block into eap module.
>
> -- Well, the howto espalaining how freeradius has to authenticate
> users against Active Directory says nothing about ldap config files on
> linux server. it just gives tips about samba, using winbind,
> ntlm_auth, krb5.conf, nsswitch.conf and mschap module in freeradius.
> I ever success this kind of authentication without reading or changing
> a line of ldap module in freeradius.
> and i think, authenticating users against Openldap won't be managed
> like authentication of freeradius using active directory.
>
> >I don't know if it is your problem, but I suppose that comunication
> between ldap server and radius can have different certificates, from
> different ca's than eap comunication.
>
>
> my wireless network is secured with wpa/wpa2 entreprise, requiring a
> RADIUS server to perform authentication. so i am doing 802.1x
> authentication which exploit a valid PKI,regardless of the base of
> users. this is how i understand it.
>
> > If it is your problem, I would
> check it. also would be good you post de debug of radius to see which
> certificate can't validate.
>
> see the logf there: http://tinypaste.com/5b99b
> active and valid user is:
> login: glouglou
> password: glouglou
>
> aaa:~ # ntlm_auth --username=glouglou --request-nt-key --domain=PLUTON
> password:
> NT_STATUS_OK: Success (0x0)
> aaa:~ #
>
>
> :/ Any help will be appreciated. these days i am wondering about
> validity of the Server certificate!
> I have to tell you that, in my case, if i try a peap authentication
> against Active Directoiry with wrong users credentials, i have an
> error message saying that login or password is incorrect. with good
> users credential, i just obtain what you can see in the Radiusd -X
> output (http://tinypaste.com/5b99b)
>
> thank you
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ______________________________________________________________________
> Envoyé avec Yahoo! Mail.
> Une boite mail plus intelligente.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_____________________________________________________________________________
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080727/2037baff/attachment.html>
More information about the Freeradius-Users
mailing list