PEAP/MSCHAPv2 problem

Stefan Winter stefan.winter at restena.lu
Tue Apr 5 10:18:51 CEST 2011


Hi,

> The complete certification path is installed on the client. The client
> doesn't have an extra client certificate, server certificate check is
> turned off in wireless settings.

Turned off? Thanks, that's a new piece of info! That would hint towards
a different problem indeed.

> Original radius works fine, with both SSIDs, new radius does not.
> So what's wrong?

The debug output still points towards: the client doesn't want to speak
to the server after starting the EAP conversation. If it's not a
certificate problem, something else is different between the two RADIUS
servers. What did you do after cloning the VM? Did you upgrade
FreeRADIUS from an older version maybe?

It would certainly help if you could post the debug output of the old
server vs. the new one; for the EAP conversation in its entirety, not
just the last packet exchange.

If you positively want to rule out that the certificate change was the
problem, you could, if your CA's policy allows, install the old server's
certificate on the new instance. For IEEE 802.1X, there is no
requirement that DNS names and CN/subjectAltNames match.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

