PEAP/MSCHAPv2 problem
Jürgen Stader
juergen.stader at hs-furtwangen.de
Tue Apr 5 12:02:25 CEST 2011
Am 05.04.2011 10:18, schrieb Stefan Winter:
> Hi,
>
>> The complete certification path is installed on the client. The client
>> don't have an extra client certificate, server certificate check is
>> turned off in wireless settings.
> Turned off? Thanks, that's a new piece of info! That would hint towards
> a different problem indeed.
>
>> Original radius works fine, with both SSIDs, new radius does not.
>> So what's wrong?
> The debug output still points towards: the client doesn't want to speak
> to the server after starting the EAP conversation. If it's not a
> certificate problem, something else is different between the two RADIUS
> servers. What did you do after cloning the VM? Did you upgrade
> FreeRADIUS from an older version maybe?
No, the machines are indetical, only changed IP, hostname and certificates.
No updates or something.
> It would certainly help if you could post the debug output of the old
> server vs. the new one; for the EAP conversation in its entirety, not
> just the last packet exchange.
I put the debug output in appendix.
Sorry i had to remove passwords and IPs because of security reasons, i
think you will understand ;-)
> If you positively want to rule out that the certificate change was the
> problem, you could, if your CA's policy allows, install the old server's
> certificate on the new instance. For IEEE 802.1X, there is no
> requirement that DNS names and CN/subjectAltNames match.
This was the first thing i tried...
> Greetings,
>
> Stefan Winter
Juergen
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug-clone.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110405/48188691/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug-original.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110405/48188691/attachment-0001.txt>
More information about the Freeradius-Users
mailing list