Hi again folks: I have just been able to go "a bit futher" in my tests, but no so much. My goal: Try to deploy EAP-TTLS authentication by using "Client certificate", "Server certificate validation" and "user/password" authentication. Client: Windows Vista supplicant software Test that I have succeeded at the moment: - "Microsoft: Smart Card or other Certificate" (so... "client certificate" & "Server Certificate Validation" works already) - "Microsoft: EAP (PEAP)" (so... also "Server Certificate Validation" + "EAP-MSCHAPv2" user/password works!!) - "Intel: EAP-TTLS" with "PAP user/password" & only "Server Certificate Validation" --> also works fine!! But when I am trying to setup "Intel: EAP-TTLS" with "PAP user/password", "Server Certificate Validation" + "Specify Server or Certificate Name" I always get next error message... [ttls] Done initial handshake [ttls] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation ...and I guest it is not due to the "Client Certificate" because it was succeed authenticated in the previous tests Probably is due to I am not sure what I should write in the box reserved for "Server or Certificate Name" (on the "Step 2 of 2" at the supplicant windows software) Anyone knows what I should write at this box? I could not find a "server name" or "domain name" at the certificate (as it is explained on the "windows in-line help") Thanks in advance for your useful help. Regards, Fernando. |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html