Certificate not valid in PEAP

Alan DeKok aland at deployingradius.com
Mon Dec 21 11:10:31 CET 2009


Fernando Calvelo Vazquez wrote:
> Hi folks:
> 
> I'm still trying to configure any authentication method that includes a
> client certificate validation (PEAP, EAP-TTLS... ) behind my
> window-vista supplicant software client, but unfortunately no successfully.
> Attached to this mail is the output of one PEAP try.
> The authentication starts once and again forever, in a loop, but never
> ends successfully.

  There are two ways to figure out what's going on.

1) test it with a real client to be sure it works.

  See http://deployingradius.com/ for instructions on using eapol_test.
 You can also use client certificates.  See the wpa_supplicant docs for
more information.

2) debug Windows

http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx


  If (1) works with client certs, then the issue is only (2).

> I'm a bit frustrated with this "certificates" locking point.

  Blame Microsoft.  They put great effort into breaking
inter-operability, and in ensuring that it's nearly impossible for
administrators to quickly discover the cause of the problem.

  Alan DeKok.




More information about the Freeradius-Users mailing list