
List:       freeradius-users
Subject:    Re: Freeradius + EAP_TLS + Cisco AP
From:       Esteban TALAVERA <etalaveran () gmail ! com>
Date:       2010-09-30 19:33:18
Message-ID: AANLkTin-5ata8tTOpc2UnjSzku7kTY9-RYnExdGAx+n3 () mail ! gmail ! com

Thanks

Hi

After multiple issues I found a partial solution, but not the best.

I unselected "validate server certificate" in the XP client.

After doing that, the client authenticates. I know that this is a very
dangerous practice.

Is it mandatory for an XP machine to authenticate the server certificate to a
valid CA?

I copied only the client certificate onto the XP machine.

Will copying the server's certificate or my homemade CA certs into the XP
client work?

Gracias, Merci, thanks

On Wed, Sep 29, 2010 at 2:27 AM, Matija Levec <Matija.Levec@astec.si> wrote:

> You say you are trying to set up eap-tls and you have client certs - so you
> probably also want to set client to eap-tls (smart card or other certificate
> in Windows world).
> Check you installed proper CA certs on both client and server if you are
> checking them (which I guess you should). 'PEAP or EAP-TLS Doesn't Work
> with a Windows machine' part of faq really includes useful info.
>
> Bye,
> M.
>
>
> >>> Esteban TALAVERA <etalaveran@gmail.com> 28.9.2010 16:40 >>>
> I tried to apply the hotfix but it was included in SP3. The laptop has
> Windows XP SP3.
>
> xpextensions is added to the certificate.
>
> What does [tls] eaptls_process returned 13 mean?
>
> default_eap_type = peap    must be set to peap or tls?
>
> Thanks
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 

*Esteban Talavera*

*Proyectos ITW*

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965
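
As an added example (not part of the thread): a shell check of the two things a client needs from the RADIUS server certificate once "validate server certificate" is enabled, namely that it chains to the CA installed on the client and that it carries the server-authentication EKU that the xpextensions file adds. The CA names, host name and file names are constructed for the demo, and the EKU requirement on the XP side is taken as an assumption from FreeRADIUS's xpextensions file.

```shell
#!/bin/sh
# Added example; every certificate, name and path below is constructed.

# check_server_cert CA_PEM SERVER_PEM -> prints ok | untrusted-ca | missing-server-eku
#   1. the server certificate must chain to the CA installed on the client
#   2. it must carry the server-auth EKU from xpextensions (1.3.6.1.5.5.7.3.1)
check_server_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || { echo "untrusted-ca"; return 0; }
    openssl x509 -in "$2" -noout -text | grep -q "TLS Web Server Authentication" \
        || { echo "missing-server-eku"; return 0; }
    echo "ok"
}

# make_demo_pki DIR: throwaway CA, an unrelated second CA, and two server certs.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
[xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF
    for ca in ca other_ca; do
        openssl req -x509 -config "$d/demo.cnf" -extensions ca_ext -newkey rsa:2048 \
            -nodes -days 2 -subj "/CN=Constructed $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=radius.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    # Signed with the xpserver_ext section, so the EKU is present ...
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 2 -extfile "$d/demo.cnf" -extensions xpserver_ext \
        -out "$d/server.pem" 2>/dev/null || return 1
    # ... and signed by the same CA without it.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -days 2 -out "$d/server_noeku.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo" && {
    check_server_cert "$demo/ca.pem"       "$demo/server.pem"        # CA on client matches
    check_server_cert "$demo/other_ca.pem" "$demo/server.pem"        # client trusts a different CA
    check_server_cert "$demo/ca.pem"       "$demo/server_noeku.pem"  # xpextensions not applied
}
```

On a real deployment, pass the CA certificate exported to the client and the certificate the RADIUS server presents as the two arguments.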



