Joe Meslovich wrote:
I just wanted to add some information to this message. I turned on EAPOL file tracing in the registry. When I look at the trace log that is created on the client, an error is occurring when the client should be generating the response that contains its credentials. The error code in the EAPOL log is -2146893802. From what I've seen that error code has to do with not finding a keyset pair.
When doing machine authentication do the certificates need to be installed in a special manner? When I go into mmc I see the certificates that I installed in the local computer store.
Joe Meslovich
Joe,
The advice given by others on using this document: http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
is good advice. I've made machine certificates with a private CA and bone stock OpenSSL 0.9.7d - I got the same error until I made sure that the certificate contained the OID given in that write-up.
If you look at the certificate with mmc and it is created correctly it should have just the one possible 'usage' - "Proves your identity to a remote computer".
HTH, Craig
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html