Certificate validation checkbox - windows 7 wired

Morris, Andi amorris at cardiffmet.ac.uk
Wed Jul 25 17:50:57 CEST 2012


OK, one reinstall later and the exact same thing is occurring.  Users on the wireless network (NAS 10.1.1.13) can authenticate, whereas users on the wired network (example NAS 10.1.1.125) cannot and see the certificate_compatibility error.  The same setup on my primary FR server authenticates both clients.  I'll happily attach an output from that server to a separate email if anyone needs to see it.

I've attached the full debug if anyone would be so kind to have a look please?  I've run it through the online parser but it doesn't point anything obvious out to me.

Much appreciated as always,
Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org [mailto:freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org] On Behalf Of Morris, Andi
Sent: 24 July 2012 18:05
To: FreeRadius users mailing list
Subject: RE: Certificate validation checkbox - windows 7 wired

Cheers both,
this is only happening for wired clients, so it's definitely not that they're wandering out of AP range.  Very odd why it would only happen for wired clients though.

Interesting to read that it's not necessarily a problem with the certificate, I'll double and triple check all my mschap and ntlm_auth configs first thing tomorrow.

I'll see if it still happens after I reinstall tomorrow and post full debugs and configs if so.

Thanks,
Andi
________________________________________
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org [freeradius-users-bounces+amorris=cardiffmet.ac.uk at lists.freeradius.org] on behalf of Phil Mayers [p.mayers at imperial.ac.uk]
Sent: 24 July 2012 17:13
To: freeradius-users at lists.freeradius.org
Subject: Re: Certificate validation checkbox - windows 7 wired

On 24/07/12 16:47, Morris, Andi wrote:
> Hi all,
>
> I'm getting an odd problem where even when my clients are configured 
> not to validate the server certificate (test environment at the mo) on 
> their wired connections they are failing to authenticate on one 
> freeradius server but getting access-accept on another.
>
> Debug output shows the familiar:

Can you show the full debug?

It is VERY occasionally not SSL validation, but a failure of MSCHAP mutual auth that causes this; often Samba has "gone funny", or there's some ntlm_auth misconfiguration.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debugwired.log
Type: application/octet-stream
Size: 39127 bytes
Desc: debugwired.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120725/86657338/attachment-0001.obj>


More information about the Freeradius-Users mailing list