Stefan Puch wrote on 30.01.2008 11:13:
> Hello everyone,
>
> I've got some problems with the new version of freeradius, but before I'm going
> to open a new bugreport or post long debugtraces from "radiusd -X" I want to ask
> here if someone else has made similar experiences.
>
> I've set up a freeradius server version 1.1.7 in our club to authenticate
> several Notebooks. This worked fine with Windows XP, Windows Vista and Linux
> clients using EAP-TLS certificates (many thanks for the good documentation of
> the OIDs in the TLS certificate).
>
> Then some people came with their mobile devices which are running Windows Mobile
> 2003, Windows Mobile 5 (WM5) or Windows Mobile 6 (WM6) and the problems began.

We know of problems with EE certificates in PDAs containing the "non-repudiation" flag.

Additionally, Windows built-in supplicants don't like EE certificates with the extendedKeyUsage "Microsoft Smartcard Logon" (1.3.6.1.4.1.311.20.2.2) when doing EAP-TLS. Apparently the latter issue can also be solved by just disabling the valid certificate usage of Microsoft Smartcard Logon in the issuing CA's trusted usages properties on the system.

--
Kind Regards
Reimer Karlsen-Masur

DFN-PKI FAQ: https://www.pki.dfn.de/faqpki

15 years of DFN-CERT + 15th DFN-Workshop "Sicherheit in vernetzten Systemen" on 13/14 February 2008 at CCH Hamburg - https://www.dfn-cert.de/ws2008/

--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstr. 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
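
The two certificate properties named in the reply above can be checked before a client certificate is handed to a mobile device. This is an added example, not part of the original thread: it assumes the input is the text printed by `openssl x509 -noout -text`, and the function names and sample certificates are constructed for illustration.

```python
import re

# OID for "Microsoft Smartcard Logon", as quoted in the reply above.
SMARTCARD_LOGON_OID = "1.3.6.1.4.1.311.20.2.2"

def extension_values(cert_text, ext_name):
    """Return the comma-separated values printed under 'X509v3 <ext_name>:'."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        # The header may carry a trailing ' critical', so match on the prefix.
        if line.strip().startswith("X509v3 " + ext_name + ":") and i + 1 < len(lines):
            return [v.strip().lower() for v in lines[i + 1].split(",") if v.strip()]
    return []  # extension absent

def eap_tls_client_findings(cert_text):
    """List the properties from the thread that an end-entity certificate carries."""
    findings = []
    if "non repudiation" in extension_values(cert_text, "Key Usage"):
        findings.append("keyUsage contains nonRepudiation")
    eku = extension_values(cert_text, "Extended Key Usage")
    # OpenSSL prints either a long name or the dotted OID, depending on version.
    if any(v == SMARTCARD_LOGON_OID or re.search(r"smartcard\s*log", v) for v in eku):
        findings.append("extendedKeyUsage contains Microsoft Smartcard Logon")
    return findings

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
SAMPLE_FLAGGED = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, 1.3.6.1.4.1.311.20.2.2
"""
SAMPLE_CLEAN = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
"""

if __name__ == "__main__":
    for name, text in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(name, eap_tls_client_findings(text))
```
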