EAP-TLS/PEAP problem

Wed, 30 Apr 2008 03:45:51 -0700 

Hello list.
I am sorry about my poor english skills but hope i could be understood anyway.
I use freeradius 1.1-7 on fedora 8 (installed with yum command). right now, my 
users in the "/etc/raddb/users" file are able to authenticate without no 
problem.
i intend to use eap-tls and eap-peap to authenticate my users. to do so, i read 
this tutorial: http://www.wi-fiplanet.com/tutorials/article.php/3557251 (two 
sheets) which is very helpfull.
but on the second part of the tuto, i encounter a problem with the extensions 
part:
- it is said to create a file named "extensions" (my case 
/etc/pki/tls/extensions) and to copy that lines into:
[ xpclient_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
and then to modify my previous certificate like that:
# openssl ca -out master_cert.pem -extensions xpserver -infiles ./masterreq.pem
# openssl ca -out client_cert.pem -extensions xpserver -infiles ./clientreq.pem 
when i do this, the system give me an error message:
[EMAIL PROTECTED] ensiasCA]# pwd
/etc/pki/CA/ensiasCA
[EMAIL PROTECTED] ensiasCA]# openssl ca -out certs/ensias_cert.pem -extensions 
xpserver_ext -infiles certs/radiusserverreq.pem 
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/ensiasCA/private/cakey.pem:
Error Loading extension section xpserver_ext
4230:error:0E06D06C:configuration file routines:NCONF_get_string:no 
value:conf_lib.c:329:group=CA_default name=email_in_dn
[EMAIL PROTECTED] ensiasCA]# 

i suppose i have problem creating extensions.... 
there's a long time i try to fix it (and some many before), and right now, i 
come and ask your help to fix it.
thanx for helping

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
20000 Oulfa
Casablanca - Maroc
 
Tél. : +212 69 25 85 70

__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible 
contre les messages non sollicités 
http://mail.yahoo.fr Yahoo! Mail 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to