windows7 machine authentication

Phil Mayers p.mayers at imperial.ac.uk
Tue Aug 24 16:30:14 CEST 2010


On 24/08/10 15:19, alois blasbichler wrote:
> Hello list
>
> We use freeradius with opendlap and machine-authentification
> (samba-pcs) for years with success.
> Windows xp and vista  clients works fine.
> Now i wanted to authenticate a Windows 7 laptop and i get the
> following errors :
>
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 12 length 19
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
>
>
> and then
>
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>     TLS Length 7
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap]<<<  TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
>       TLS_accept:failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
> TLS receive handshake failed during operation
> [peap] eaptls_process returned 4
>
>
> I dont use certificates neither on the server and neither  on the client side.

Yes you do. PEAP requires a server cert.

> I read in teh internet that also windows7 should work without
> certificates - is that true ?

No it is not.

>
>
> Wath can bee the problem ?

The clients don't know the server CA.



More information about the Freeradius-Users mailing list