"WARNING: !! EAP session for state ... did not finish!", And Other Warnings
Jim Seymour
jseymour at LinxNet.com
Sat Oct 3 02:58:12 CEST 2015
On Sat, 3 Oct 2015 00:30:31 +0100
Matthew Newton <mcn4 at leicester.ac.uk> wrote:
[snip]
>
> I just extracted your cert from the EAP-Message, and you've not
> got the TLS Server Auth OID (1.3.6.1.5.5.7.3.1) in it.
>
> On that basis, could you please explain to us all how the heck you
> managed to get it to work at all the second time... :-)
*You* are asking *me*? :)
>
> Re-generate the server certificate according to
> http://wiki.freeradius.org/guide/Certificate_Compatibility (as the
> original message said) and you should be good.
I saw that page. Several times. Nothing I saw there appeared to
lead me to any... well, anything, really. But, based on your
re-urging, I looked at it again, went "Hmmm... I wonder...?", took a
guess and tried (on the server where FreeRADIUS is installed)...
$ locate xpextensions
/usr/share/doc/freeradius/examples/certs/xpextensions
Ohhh kay. (I won't ask why that wasn't just put on the Wiki
page--I suppose there's a good reason.) Looked...
Now I *know* I never had to do that before. In fact: The certs on my
existing server expired just a month ago or so and I had to generate
new ones... Just double-checked: The FreeRADIUS on current production
server is using the same self-signed certs as everything else on that
server.
My confusion increases. How is it I've been running everything from
MS-Win95 through MS-Win7 on my existing network, using FreeRadius
1.1.1, and plain old self-signed server certs, w/o any special OIDs,
all these years? And never installing CA certs (which eventually
expire) on all the PCs?
Help me to understand, please? Is this a result of some change
between 1.1.x and 2.x.x?
Is this how you add those OIDs:
http://fincelfamily.com/tutorial_radiusserver.html
???
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the Freeradius-Users
mailing list