Hello,

I'm using FreeRADIUS-1.0.5 on Windows XP and Windows XP client.
And I'm attempting PEAP authentication.

I was using the certificate published by OpenSSL, I revoked this certificate.
(Herewith, this certificate's information was written on CRL.)

And I attempted PEAP authentication by this revoked certificate, 
but authentication result was "Access-Accept".

Is my setup amusing?
Please give me advice by all means.

A eap.conf is shown below.

// 

  eap {
    default_eap_type = peap
    timer_expire     = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no

    md5 {
    }

    leap {
    }
    gtc {
      #challenge = "Password: "
      auth_type = PAP
    }

    tls {
      private_key_password = bbbb
      private_key_file = ${raddbdir}/newcerts/serverkey.pem

      certificate_file = ${raddbdir}/newcerts/servercert.pem

      CA_file = ${raddbdir}/newcerts/cacert.pem

      dh_file = ${raddbdir}/certs/dh
      random_file = ${raddbdir}/certs/random

      # fragment_size = 1024
      # include_length = yes

      CA_path = ${raddbdir}/newcerts/
      check_crl = yes
      check_cert_cn = %{User-Name}
    }

    peap {
      default_eap_type = mschapv2
      copy_request_to_tunnel = yes
      use_tunneled_reply = no
    }

    mschapv2 {
    }
  }

-- 
Kouji Amemiya <[EMAIL PROTECTED]>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to