Re : EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP Tue, 22 Jul 2008 13:15:24 -0700

log: http://tinypaste.com/5b99b

I am wondering something: some more questions:

as i encounterd problem with included script for certificate files (bootstarp!! 
am i the one?), i created my own certificate... as I could! the fact is that 
running bootstrap, client certificate is on error cause it says that server 
certificate is not valid or not allowed to sign other certificate files...

i created and imported my own on XP for the test: the one DER format of the CA, 
and the other one p12 format with EKU(of the client). it means, only two!

so my question is, if the certificate (with server extension) is missing on the 
client, could it interfer in EAP-PEAP authentication success?

thank you

----- Message d'origine ----
De : Reveal MAP <[EMAIL PROTECTED]>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Mardi, 22 Juillet 2008, 12h02mn 26s
Objet : Re : Re : Re : Re : Re :  EAP-TLS OK - EAP-PEAP KO!! why that?

Hello Alan (and all the others too)

I am sory about the delay!
here is the entire log: http://tinypaste.com/5b99b

EAP PEAP still don't work without giving an error message understandable by me! 
hope it will be clearer for you!

I precise:

NTLM_AUTH authenticate successfully against AD, same with winbind. and EAP-TLS 
runs Ok

thank you

----- Message d'origine ----
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Samedi, 19 Juillet 2008, 19h05mn 33s
Objet : Re: Re : Re : Re : Re :  EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP wrote:
>> "f you want to authenticate PEAP users via SQL (which you seem
>> to be saying), then don't configure the mschap module to use ntlm_auth."
> 
> my mistake: i didn't know...

  Huh?  You are aware that AD is not the same as SQL?

> back to Users based on AD.
>...
> in etc/raddb/module/mschap, i have this for ntlm_auth:
...

  And then nothing for "radiusd -X".

  If you can't follow repeated instructions, I think it's impossible for
me to help you.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

________________________________
 Envoyé avec Yahoo! Mail.
Une boite mail plus intelligente. 

_____________________________________________________________________________ 
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re : EAP-TLS OK - EAP-PEAP KO!! why that?

Reply via email to