PEAP/MSCHAPv2 problem
Jürgen Stader
juergen.stader at hs-furtwangen.de
Tue Apr 5 09:21:00 CEST 2011
Am 05.04.2011 07:31, schrieb Stefan Winter:
> Hi,
>
>>> The solution to the problem is simple. The answer is in front of
>>> you.
>>>
>>> Alan DeKok.
>> Looks like i'm blind...please give me a hint ;-)
> Dude... supplicants are typically configured to trust only the exact one
> certificate that is in the RADIUS Server (CN=... is in the supplicant
> conf). If you change the Subject in the cert... the supplicant won't
> like it any more.
>
> Stefan
>
OK, once again; i have cloned a radius-server vm, the new radius-server
has a new DNS-Entry, IP and a new certificate. The wlan-ssid is
different from that one wich is used by the original radius.
I checked both certificates, they match the requirements given by
microsoft. The certificates are both singed by same CA, with same O,OU,
hash-algorithm, key strength... CN is logically different and is set to
host and dns name (are the same) from the new radius, like:
CN=new-radius.mydomain.mycountry
The complete certification path is installed on the client. The client
don't have an extra client certificate, server certificate check is
turned off in wireless settings.
A cisco wireless controller is used for both SSIDs.
Original radius works fine, with both SSIDs, new radius does not.
So what's wrong?
Juergen
More information about the Freeradius-Users
mailing list