XP SP3 an EAP-TLS partly solution

Alexandros Gougousoudis gougousoudis-list at servicecenter-khs.de
Fri Jan 23 09:18:02 CET 2009


Hi Ivan,

tnt at kalik.net schrieb:
> You should upgrade to the latest version. If that doesn't cure it, try
> making client certificate signed by the CA and not server certificate.
>   
I had 2.1.3 running a week ago, but it didn't work also. But I wasn't 
sure about the configs. Unfortunately the documentation is bad. Any hints?

Someone on this list recommended me to upgrade to 1.1.7 to make it work 
(wasn't it you? :-) ), but it doesn't work.

The certs shouldn't be the problem. On the clients I have a client cert 
with right extended-usage and the server has a server-cert with the 
right attributes. In XP the certmgr says it's for 
Clientauthentification. They worked with SP2. But I also tried to 
install a server-cert with client-extended-usage, also no success. I'am 
a bit worried about the registry-errors in the logs I've posted.

I can't believe that I'am the first one who tried to authenticate an XP 
SP3 machine with EAP-TLS to Freeradius. I mean, XP has a 
market-domincnce of >95% and this problem should also occur if you 
authenticate via WLAN. So there must be a solution and I'am doing 
something terrebly wrong.

I'd like to hear from at least one person that it works. At the moment I 
believe XP SP3 is incompatible to Freeradius.

Thanks
 Alex



More information about the Freeradius-Users mailing list