On 09/17/2010 11:00 AM, Klaus Laus wrote:
Thanks a lot for your answer.
Either move the "files" module before "eap", or use unlang to set it:
authorize {
    ...
    update control {
        EAP-TLS-Require-Client-Cert = yes
    }
    eap
    ...
}
I made the changes in the authorize section, and freeradius seems to require the
client certificate. But the server is not accepting my certificate. I don't think
that the certificate is bad because I can log in any client with the same
certificate when I use TLS instead of PEAP.
This is how I log in with PEAP on a Windows XP client; maybe I am doing something
wrong?
I import the pkcs12 certificate from the freeradius server in the Windows XP certificate
management. When I type certmgr.msc under "run" I can see that the certificate
is successfully imported. Then I scan for the wireless networks and connect to wifix. I
use PEAP with MSCHAP v.2 and type in testuser as user with the correct password.
Here you can see the debug output (freeradius did not find my certificate):
That's right, the server didn't get your cert, it's right in the debug.
As Alan said, this isn't a server issue, it's a client issue; figure out
why your client is not returning a cert.
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL: SSL_read failed in a system call (-1), TLS session fails.
--
John Dennis <jden...@redhat.com>
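
Added example (not part of the original message, and not FreeRADIUS or OpenSSL code): a small triage helper that decodes the packed OpenSSL error code in the debug line above, so "client sent no certificate" can be told apart from other handshake failures even when the mail client has wrapped the reason text. It assumes the pre-3.0 OpenSSL code layout (8-bit library, 12-bit function, 12-bit reason); the function names and the second sample line are constructed for illustration.

```python
import re

# Matches "error:<8 hex digits>:<library>:<function>:<reason text>".
ERR_LINE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.*)$")

ERR_LIB_SSL = 20                               # 0x14, the SSL library
SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE = 199  # 0x0C7

def parse_openssl_error(line):
    """Split one debug line into numeric and textual error fields."""
    m = ERR_LINE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    return {
        "lib": (code >> 24) & 0xFF,     # top 8 bits
        "func": (code >> 12) & 0xFFF,   # middle 12 bits
        "reason": code & 0xFFF,         # low 12 bits
        "func_name": m.group(3),
        "reason_text": m.group(4).strip(),
    }

def triage(debug_text):
    """Return one verdict per OpenSSL error line found in the debug text."""
    verdicts = []
    for line in debug_text.splitlines():
        err = parse_openssl_error(line)
        if err is None:
            continue
        # Decide on the numeric reason, not the text: the text may be cut
        # off by line wrapping, the code is not.
        if (err["lib"] == ERR_LIB_SSL
                and err["reason"] == SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE):
            verdicts.append("client-sent-no-cert")
        else:
            verdicts.append("other: " + err["reason_text"])
    return verdicts

# First error line is the one from this thread; the second is constructed
# as a contrasting case.
SAMPLE = """TLS Alert write:fatal:handshake failure
rlm_eap: SSL error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
rlm_eap: SSL error error:14089086:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:certificate verify failed
"""

if __name__ == "__main__":
    for verdict in triage(SAMPLE):
        print(verdict)
```

A "client-sent-no-cert" verdict means the supplicant never offered a certificate, so the place to look is the client's PEAP configuration rather than the server's certificate validation.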