802.1x on Active Directory: no errors in debug but auth fails

Brett Littrell Blittrell at musd.org
Tue Feb 8 00:13:13 CET 2011


Hi 
 
    Not sure if your just having issues with the OID or something else, but I found the thread really helped to fix cert issues I had.  http://lists.cistron.nl/pipermail/freeradius-users/2006-October/msg00515.html .  I used the MS cert server as described in this listing as well as used our Novell Cert server and both worked for issuing a Cert that MS clients will accept.  I am sure OpenSSL can do it to just never looked far enough into it to see the exact syntax.
 
    Hope this helps.
 
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE


>>> On Monday, February 07, 2011 at 7:27 AM, in message <00a301cbc6db$90153ec0$b03fbc40$@it>, Domenico Viggiani <dviggiani at tiscali.it> wrote:

> if you do, then its your loss and you'll be limited for the future of
> your infrastructure.
> 
> use freeRADIUS - after all, at least it will give you information and
> debug
> detailed information....when NPS goes wrong...well, good luck.
I understand very well: I used older M$'IAS and it offered NO debug info at
all!

> this is probably a trivial issue - how did you create your CA? how did
> you sign
> the radius CRT/PKCS12 file?
I used the self-generated certificates, at first startup of Freeradius
service (installed from Red Hat "official" RPM package, not compiled).

What else can I do? A client PC with an OS different from XP?

--
DV

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110207/c0abd1cb/attachment.html>


More information about the Freeradius-Users mailing list