PEAP/MSCHAPv2 problem

Jürgen Stader juergen.stader at hs-furtwangen.de
Mon Apr 4 19:00:06 CEST 2011


Am 04.04.2011 18:02, schrieb Alan DeKok:
> Jürgen Stader wrote:
>>> When you cloned your RADIUS server, did you give the clone a different
>>> certificate afterwards?
>    Since you didn't answer that question directly, it looks like a "yes".
You' re right, but you can read this out of the lines. The two machines 
have different certificates. Signed from same CA.
>> The original radius has a trusted certificate, signed by our CA. The
>> clone has also a trusted certificate with its DN registred in DNS.
>> I edited the corresponding section in eap.conf and placed the filename
>> of the new certificate- and keyfile.
>>
>> private_key_file = ${certdir}/roaming.key
>> certificate_file = ${certdir}/roaming.pem
>>
>> The certificates were generate with the same attributes (exept the DN).
>    Which avoids answering the question.
>
>    The solution to the problem is simple.  The answer is in front of you.
>
>    Alan DeKok.
Looks like i'm blind...please give me a hint ;-)



More information about the Freeradius-Users mailing list