need help - force EAP-TTLS to validate the server certificate

Klaus Laus superklausx at gmx.de
Tue Sep 21 16:12:52 CEST 2010


I *only* want to know all the time if it´s possible to login on a client with user/userpassword and client certificate. I pleased you *only* to say *no* or *yes* and maybe one sentence more.

I know you´re a freeradius expert not a M$ expert but I thought when you know how to set up a server you just know how to configure any clients.
When you don´t want to answer me that question it´s ok, I can search on M$ websites, you´re right. But I think if you wanted you could simply answer my question.

nevertheless thank you for the great help with the configuration of the server.

Greetings misterklaus



-------- Original-Nachricht --------
> Datum: Tue, 21 Sep 2010 14:21:26 +0200
> Von: Alan DeKok <aland at deployingradius.com>
> An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Betreff: Re: need help - force EAP-TTLS to validate the server certificate

> Klaus Laus wrote:
> > The message is clear. Yes I created a client certificate and imported it
> into the client. 
> > When I use TLS to connect to the freeradius server I can choose the
> client certificate in the TLS dialog and the client can login successfully.
> > 
> > When I use PEAP to login I have to type in my username and password in
> the PEAP dialog from windows but I can not select a client certificate, the
> certificate is imported successfully in the windows certificate manager.
> 
>   So... the issue is that you haven't configured the client to use the
> client certificate.
> 
> > Should I be able to choose a client certificate in the PEAP dialog or
> should it work when the certificate is saved in the windows certificate
> manager and I only have to type in my username and password in the PEAP dialog? 
> 
>   Ask Microsoft how their software works.  It's annoying to have you ask
> a question here when you *already* know that you haven't configured the
> client certificate for PEAP.
> 
>   It means that you *know* it's not sending a client certificate.  You
> *know* you haven't configured one on the client.  And you *still* post
> the FreeRADIUS debug output, asking us to debug the *server* to see why
> the client certificate isn't being used.
> 
>   Microsoft has documentation for Windows.  Read it.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- 
GRATIS: Spider-Man 1-3 sowie 300 weitere Videos!
Jetzt freischalten! http://portal.gmx.net/de/go/maxdome



More information about the Freeradius-Users mailing list