need help - force EAP-TTLS to validate the server certificate
Klaus Laus
superklausx at gmx.de
Tue Sep 21 16:12:52 CEST 2010
I *only* want to know all the time if it´s possible to login on a client with user/userpassword and client certificate. I pleased you *only* to say *no* or *yes* and maybe one sentence more.
I know you´re a freeradius expert not a M$ expert but I thought when you know how to set up a server you just know how to configure any clients.
When you don´t want to answer me that question it´s ok, I can search on M$ websites, you´re right. But I think if you wanted you could simply answer my question.
nevertheless thank you for the great help with the configuration of the server.
Greetings misterklaus
-------- Original-Nachricht --------
> Datum: Tue, 21 Sep 2010 14:21:26 +0200
> Von: Alan DeKok <aland at deployingradius.com>
> An: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Betreff: Re: need help - force EAP-TTLS to validate the server certificate
> Klaus Laus wrote:
> > The message is clear. Yes I created a client certificate and imported it
> into the client.
> > When I use TLS to connect to the freeradius server I can choose the
> client certificate in the TLS dialog and the client can login successfully.
> >
> > When I use PEAP to login I have to type in my username and password in
> the PEAP dialog from windows but I can not select a client certificate, the
> certificate is imported successfully in the windows certificate manager.
>
> So... the issue is that you haven't configured the client to use the
> client certificate.
>
> > Should I be able to choose a client certificate in the PEAP dialog or
> should it work when the certificate is saved in the windows certificate
> manager and I only have to type in my username and password in the PEAP dialog?
>
> Ask Microsoft how their software works. It's annoying to have you ask
> a question here when you *already* know that you haven't configured the
> client certificate for PEAP.
>
> It means that you *know* it's not sending a client certificate. You
> *know* you haven't configured one on the client. And you *still* post
> the FreeRADIUS debug output, asking us to debug the *server* to see why
> the client certificate isn't being used.
>
> Microsoft has documentation for Windows. Read it.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
GRATIS: Spider-Man 1-3 sowie 300 weitere Videos!
Jetzt freischalten! http://portal.gmx.net/de/go/maxdome
More information about the Freeradius-Users
mailing list