Hello, I'm using FreeRADIUS-1.0.5 on Windows XP and Windows XP client. And I'm attempting PEAP authentication.
I was using the certificate published by OpenSSL, I revoked this certificate. (Herewith, this certificate's information was written on CRL.) And I attempted PEAP authentication by this revoked certificate, but authentication result was "Access-Accept". Is my setup amusing? Please give me advice by all means. A eap.conf is shown below. // eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { #challenge = "Password: " auth_type = PAP } tls { private_key_password = bbbb private_key_file = ${raddbdir}/newcerts/serverkey.pem certificate_file = ${raddbdir}/newcerts/servercert.pem CA_file = ${raddbdir}/newcerts/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random # fragment_size = 1024 # include_length = yes CA_path = ${raddbdir}/newcerts/ check_crl = yes check_cert_cn = %{User-Name} } peap { default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = no } mschapv2 { } } -- Kouji Amemiya <[EMAIL PROTECTED]> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html