need help - force EAP-TTLS to validate the server certificate
Klaus Laus
superklausx at gmx.de
Tue Sep 21 17:30:09 CEST 2010
Many thanks for your answer, Mearl Danner. I read the pages of M$ but I didn't find any possibilities to configure the clients so that the client uses a username/password and certificate. Do you know how I can do these settings, or if it's generally not possible? Thanks again.
-------- Original Message --------
> Date: Tue, 21 Sep 2010 08:02:27 -0500
> From: "Danner, Mearl" <jmdanner at samford.edu>
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: RE: need help - force EAP-TTLS to validate the server certificate
> EAP/PEAP requires a server certificate. You can opt for the M$ supplicant
> to verify it but it does not use a client certificate.
>
> That's why there is no option to pick the client cert when setting up
> PEAP.
>
> -----Original Message-----
> From: freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org
> [mailto:freeradius-users-bounces+jmdanner=samford.edu at lists.freeradius.org]
> On Behalf Of Klaus Laus
> Sent: Tuesday, September 21, 2010 5:17 AM
> To: FreeRadius users mailing list
> Subject: Re: need help - force EAP-TTLS to validate the server certificate
>
> The message is clear. Yes, I created a client certificate and imported it
> into the client.
> When I use TLS to connect to the freeradius server I can choose the client
> certificate in the TLS dialog and the client can log in successfully.
>
> When I use PEAP to log in I have to type in my username and password in the
> PEAP dialog from Windows but I cannot select a client certificate; the
> certificate is imported successfully in the Windows certificate manager.
> Should I be able to choose a client certificate in the PEAP dialog or
> should it work when the certificate is saved in the Windows certificate manager
> and I only have to type in my username and password in the PEAP dialog?
>
> I want to allow only PEAP logins (or username/password logins) with client
> certificate.
>
>
>
> -------- Original Message --------
> > Date: Tue, 21 Sep 2010 09:33:29 +0200
> > From: Alan DeKok <aland at deployingradius.com>
> > To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> > Subject: Re: need help - force EAP-TTLS to validate the server certificate
>
> > Klaus Laus wrote:
> > > I tried to log in from another client, but it's the same problem.
> > >
> > > TLS Alert write:fatal:handshake failure
> > > TLS_accept:error in SSLv3 read client certificate B
> > > rlm_eap: SSL error error:140890C7:SSL
> > > routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> > > SSL: SSL_read failed in a system call (-1), TLS session fails.
> >
> > That message should be clear. The supplicant didn't send a client
> > certificate.
> >
> > Did you create a client certificate?
> >
> > If so, did you copy it to the client?
> >
> > Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>