hi Artur, > > hi Frederic >
>> What do you want to say is that win2K is going to take EAP-Identity >> value >> in client certificate, before EAP-TLS challenge start ?? >> I don't think so, it doesn't work like that with Xsupplicant/FreeRADIUS >> and it's not describe like this in RFC. > > no. what i want to say is that you force Windows to use EAP/TLS and it > gets now the EAP Request Identity message. it has to reply to this > message and it does need at least one identity for that. Ok > Unless you tell > it to use some other identity (there is a check box you can mark) I've tryed that, but nothing happened. > it will automatically take the CN out of the installed certificate. Then I would be able to see the answer EAP-Identity packet with protocol viewer, enven if value of CN client certificate isn't the same as identity in /raddb/users file ? > If there is no certificate (or it is not where it should be, or it is in > the machine repository but the machine identification is not on, or the > certificate is invalidated by something like expiration or not available > root certificate or or or or), well then Windows simply does not have > any idea what to reply to the Authenticator, does it? I think client and root cert are valids, then I'm going to contrôl the place where they have to be.... > > ciao > artur Thx very much for your help. fred - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html