Re: Everything looks like it works, but PC is not authentified

2006-09-04 Thread Alexandros Gougousoudis
Hi Alan, It looks like it is doing machine authentication, in which case the Correct. certs (both client and server) need the machine authentication OIDs, I read that again and again, but I already have these OIDs in the certs. Here is a dump of my server-cert: Certificate: Data:

Re: Everything looks like it works, but PC is not authentified

2006-09-04 Thread K. Hoercher
On 9/4/06, Alexandros Gougousoudis [EMAIL PROTECTED] wrote: I read that again and again, but I already have these OID in the certs. Here a dump of my server-cert: No, you don't. from Alan's post: # 1.3.6.1.4.1.311.17.2 while TLS Web Server Authentication is 1.3.6.1.5.5.7.3.1 and TLS Web Client

Re: Everything looks like it works, but PC is not authentified

2006-09-04 Thread Alexandros Gougousoudis
Hi, K. Hoercher wrote: No, you don't. from Alan's post: # 1.3.6.1.4.1.311.17.2 and TLS Web Client Authentication is 1.3.6.1.5.5.7.3.2 Hm, with Alan's OID there is no communication between Radius and the client. If I use the OID indicated in most HOWTOs (like

Re: Everything looks like it works, but PC is not authentified

2006-09-04 Thread Alexandros Gougousoudis
Hi, I can't even remotely understand why you seem to look for help on one hand, but on the other one keep declining answers to questions put to you and insisting on false assumptions. That's why I might not understand what you're asking. :-) -- verify error:num=9:certificate is not yet valid

Re: Everything looks like it works, but PC is not authentified

2006-09-02 Thread Alexandros Gougousoudis
Hi, Stefan Winter wrote: this list, is that the server cert doesn't have the MS TLS Web Server Authentication OID in the cert. Please read the various documentation about Nope, the cert has this extension. I checked that again and again. Server is in DNS and the CN of the cert is the FQDN

Re: Everything looks like it works, but PC is not authentified

2006-09-02 Thread Alexandros Gougousoudis
Hi, K. Hoercher wrote: 1. Don't set Auth-Type. See http://deployingradius.com/documents/configuration/auth_type.html Thanks for your reply. The problem is, there are now a lot of partial howtos on the net, but not even one covers all. I did that, because it was in a howto... I'll try

Re: Everything looks like it works, but PC is not authentified

2006-09-02 Thread Alan DeKok
Alexandros Gougousoudis [EMAIL PROTECTED] wrote: vinfo-t1 is the netbiosname of the client, the realm(?) host/ comes from Windows or the AP, I don't know. Probably it breaks the cert, because the name differs and this bothers EAP/TLS. But I don't know how to handle or shorten this. Maybe

Everything looks like it works, but PC is not authentified

2006-09-01 Thread Alexandros Gougousoudis
Hi, I'm running FreeRADIUS 1.1.0 on SUSE 10.1 with certificates. After a lot of help from that list and a good FAQ I'm so far that I have generated the certs for server and client, and the communication between Client, Server and AP (Linksys Switch) works. My problem is that, looking in

Re: Everything looks like it works, but PC is not authentified

2006-09-01 Thread Stefan Winter
Hi, Sending Access-Challenge of id 0 to 10.48.244.21 port 49154 EAP-Message = 0x0112000a0d80 Message-Authenticator = 0x State = 0x3f9387f3adb41ddea578c30fd328358f Finished request 13 Going to the next request Waking up in 6

Re: Everything looks like it works, but PC is not authentified

2006-09-01 Thread K. Hoercher
Hi, On 9/1/06, Alexandros Gougousoudis [EMAIL PROTECTED] wrote: My users files contains that: testuser User-Password == test2 host/vinfo-t1 Auth-Type := EAP vinfo-t1 Auth-Type := EAP # On no match, the user is denied access. DEFAULT Auth-Type := Reject Reply-Message = Bye

Re: Everything looks like it works, but PC is not authentified

2006-09-01 Thread Phil Mayers
Stefan Winter wrote: Hi, Sending Access-Challenge of id 0 to 10.48.244.21 port 49154 EAP-Message = 0x0112000a0d80 Message-Authenticator = 0x State = 0x3f9387f3adb41ddea578c30fd328358f Finished request 13 Going to the next

Re: Everything looks like it works, but PC is not authentified

2006-09-01 Thread Alan DeKok
Phil Mayers [EMAIL PROTECTED] wrote: I wonder if it would be possible to have the PEAP, TLS and TTLS EAP sub-modules print a VERY LOUD WARNING if that OID is missing from the certificate on startup? I think so. X509_print_ex, I believe. Dump the certificate to a string buffer, and do