Kwok Sianbin escribió:
Thanks for the tips. If the certificates are fine then the only problem here is the radius server. XP can not authenticate the client & can't get connected. here the output Ready to process requests. User-Name = "MarsNet_Client" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02020013014d6172734e65745f436c69656e74 Message-Authenticator = 0x00ebc8fcffd2c906e2d36ec4fff17d3a +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns nooprlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULLrlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns nooprlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010300060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7382effe7381e2540240fd45d4418b28 Finished request 4. Going to the next request Waking up in 4.9 seconds. Cleaning up request 4 ID 1 with timestamp +930 Ready to process requests. User-Name = "MarsNet_Client" NAS-IP-Address = 0.0.0.0 Framed-MTU = 1488 Called-Station-Id = "00:30:1a:29:03:66" Calling-Station-Id = "00:1c:f0:10:56:b8" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "127.0.0.1" Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02010013014d6172734e65745f436c69656e74 Message-Authenticator = 0xd79261edb8c5b177b0b6334837684449 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns nooprlm_realm: No '@' in User-Name = "MarsNet_Client", looking up realm NULLrlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns nooprlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xae557800ae5775e5b09645c04263a306 Finished request 5. Going to the next request Waking up in 4.9 seconds. Cleaning up request 5 ID 3 with timestamp +950 Ready to process requests. --- On *Mon, 7/7/08, Ivan Kalik /<[EMAIL PROTECTED]>/* wrote: From: Ivan Kalik <[EMAIL PROTECTED]> Subject: Re: Private key To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Date: Monday, July 7, 2008, 10:38 PM Why do you care if "Windows does not have enough information to verify this certificate"? Does radius server have any problems with it? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ------------------------------------------------------------------------ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________ Información de NOD32, revisión 3253 (20080709) __________ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com
Have you read last lines of eap.conf? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
