[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: RE: Certificate validation checkbox - windows 7 wired
From: "Morris, Andi" <amorris () cardiffmet ! ac ! uk>
Date: 2012-07-25 15:50:57
Message-ID: 47FAC5A830933045A14A6EF10F2C796E7FBE22C0 () E2K10DB1 ! internal ! uwic ! ac ! uk
[Download RAW message or body]
[Attachment #2 (text/plain)]
OK, one reinstall later and the exact same thing is occurring. Users on the wireless \
network (NAS 10.1.1.13) can authenticate, whereas users on the wired network (example \
NAS 10.1.1.125) cannot and see the certificate_compatibility error. The same setup \
on my primary FR server authenticates both clients. I'll happily attach an output \
from that server to a separate email if anyone needs to see it.
I've attached the full debug if anyone would be so kind to have a look please? I've \
run it through the online parser but it doesn't point anything obvious out to me.
Much appreciated as always,
Andi
-----Original Message-----
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org \
[mailto:freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org] On \
Behalf Of Morris, Andi
Sent: 24 July 2012 18:05
To: FreeRadius users mailing list
Subject: RE: Certificate validation checkbox - windows 7 wired
Cheers both,
this is only happening for wired clients, so it's definitely not that they're \
wandering out of AP range. Very odd why it would only happen for wired clients \
though.
Interesting to read that it's not necessarily a problem with the certificate, I'll \
double and triple check all my mschap and ntlm_auth configs first thing tomorrow.
I'll see if it still happens after I reinstall tomorrow and post full debugs and \
configs if so.
Thanks,
Andi
________________________________________
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org \
[freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org] on behalf of \
Phil Mayers [p.mayers@imperial.ac.uk]
Sent: 24 July 2012 17:13
To: freeradius-users@lists.freeradius.org
Subject: Re: Certificate validation checkbox - windows 7 wired
On 24/07/12 16:47, Morris, Andi wrote:
> Hi all,
>
> I'm getting an odd problem where even when my clients are configured
> not to validate the server certificate (test environment at the mo) on
> their wired connections they are failing to authenticate on one
> freeradius server but getting access-accept on another.
>
> Debug output shows the familiar:
Can you show the full debug?
It is VERY occasionally not SSL validation, but a failure of MSCHAP mutual auth that \
causes this; often Samba has "gone funny", or there's some ntlm_auth \
misconfiguration.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________
From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. \
From the 6th December 2011, as part of this change, all email addresses which \
included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff \
Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. \
Please could you ensure that all of your contact records and databases are updated to \
reflect this change. Further information can be found on the website \
here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O \
Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys \
@uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol \
Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. \
Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i \
adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan \
yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
["debugwired.log" (application/octet-stream)]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic