>The certs shouldn't be the problem. On the clients I have a client cert >with right extended-usage and the server has a server-cert with the >right attributes. In XP the certmgr says it's for >Clientauthentification. They worked with SP2. But I also tried to >install a server-cert with client-extended-usage, also no success. I'am >a bit worried about the registry-errors in the logs I've posted. >
It looks like SP3 will not allow server certificate to be used as intermediate CA. >I can't believe that I'am the first one who tried to authenticate an XP >SP3 machine with EAP-TLS to Freeradius. I mean, XP has a >market-domincnce of >95% and this problem should also occur if you >authenticate via WLAN. So there must be a solution and I'am doing >something terrebly wrong. > Try signing client certificates with the ca certificate. I have included modified Makefile for 2.1.3. I have added "make caclient.pem" to produce client certificates and "cleanca" to remove them. Try importing caclient.p12 created this way onto the user machine (along with ca.der) and see if they will work with SP3. They should work with SP2 as well. Ivan Kalik Kalik Informatika ISP >I'd like to hear from at least one person that it works. At the moment I >believe XP SP3 is incompatible to Freeradius. > >Thanks > Alex >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > >
Makefile
Description: Binary data
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
