thanks for the point, david probably just has to check the extensions and other things. however, it seems that the server certificate isn't accepted, not the client certificate.
something has to be wrong, since in my case, too, it worked fine with cisco and orinoco equipment, since the 0.5 fr release, so...
ciao
artur
Philip Blow wrote:
David, Artur,
This problem appears to be caused by having the Server Authentication
and
Client Authentication properties set in the certificate. If you disable
all
extended certificate properties except the Client Authentication in the
Client certificate on the XP machine the EAP authentication should work.
It worked for me via both Symbol and Orinoco APs with certificates that
I generated with the OpenCA certificate authority.
Cheers,
Philip Blow
Senior Technical Manager
Simply Wireless
[EMAIL PROTECTED]
shouldhi David ok, it's good news then... if you followed exactly the steps, it
work fine.to find the error, just put the same certificate which is available atthe server side on your XP machine and open it using the crypto extensions (double-click). XP should say you what is missing. the most
probable error would be imho an expiration date. the second possible would be the forgotten extension (as already said, both errors should not be there if you followed exactly the script, but still, check it).
path,check the availability of the private key, check the certification
CAXP should know the signing CA (meaning that the cert is signed by the
whose certificate is installed under certification authorities). regards, artur David Baer wrote:The problem has been partially solved (or let's say: narrowed). Somehow the server's certificate is not accepted by theXP-supplicant.If the "Validate server certificate" check box is unchecked, theauthenticationsucceeds. To leave the server's certificate unvalidated is not verydesirbale though.(http://www.freeradius.org/doc/EAPTLS.pdf) to generateI used the script by Ken Roser
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlthe certificates. Any idea what I could have done wrong with the server's certificate?
david
-- Artur Hecker Département Informatique et Réseaux, ENST Paris http://www.infres.enst.fr/~hecker - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html