'RE: Certificate validation checkbox - windows 7 wired'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    RE: Certificate validation checkbox - windows 7 wired
From:       "Morris, Andi" <amorris () cardiffmet ! ac ! uk>
Date:       2012-07-25 15:50:57
Message-ID: 47FAC5A830933045A14A6EF10F2C796E7FBE22C0 () E2K10DB1 ! internal ! uwic ! ac ! uk
[Download RAW message or body]

[Attachment #2 (text/plain)]

OK, one reinstall later and the exact same thing is occurring.  Users on the wireless \
network (NAS 10.1.1.13) can authenticate, whereas users on the wired network (example \
NAS 10.1.1.125) cannot and see the certificate_compatibility error.  The same setup \
on my primary FR server authenticates both clients.  I'll happily attach an output \
from that server to a separate email if anyone needs to see it.

I've attached the full debug if anyone would be so kind to have a look please?  I've \
run it through the online parser but it doesn't point anything obvious out to me.

Much appreciated as always,
Andi

-----Original Message-----
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org \
[mailto:freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org] On \
                Behalf Of Morris, Andi
Sent: 24 July 2012 18:05
To: FreeRadius users mailing list
Subject: RE: Certificate validation checkbox - windows 7 wired

Cheers both,
this is only happening for wired clients, so it's definitely not that they're \
wandering out of AP range.  Very odd why it would only happen for wired clients \
though.

Interesting to read that it's not necessarily a problem with the certificate, I'll \
double and triple check all my mschap and ntlm_auth configs first thing tomorrow.

I'll see if it still happens after I reinstall tomorrow and post full debugs and \
configs if so.

Thanks,
Andi
________________________________________
From: freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org \
[freeradius-users-bounces+amorris=cardiffmet.ac.uk@lists.freeradius.org] on behalf of \
                Phil Mayers [p.mayers@imperial.ac.uk]
Sent: 24 July 2012 17:13
To: freeradius-users@lists.freeradius.org
Subject: Re: Certificate validation checkbox - windows 7 wired

On 24/07/12 16:47, Morris, Andi wrote:
> Hi all,
> 
> I'm getting an odd problem where even when my clients are configured 
> not to validate the server certificate (test environment at the mo) on 
> their wired connections they are failing to authenticate on one 
> freeradius server but getting access-accept on another.
> 
> Debug output shows the familiar:

Can you show the full debug?

It is VERY occasionally not SSL validation, but a failure of MSCHAP mutual auth that \
causes this; often Samba has "gone funny", or there's some ntlm_auth \
                misconfiguration.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. \
From the 6th December 2011, as part of this change, all email addresses which \
included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff \
Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. \
Please could you ensure that all of your contact records and databases are updated to \
reflect this change. Further information can be found on the website \
here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O \
Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys \
@uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol \
Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. \
Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i \
adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan \
yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


["debugwired.log" (application/octet-stream)]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic