Graham, Robert wrote: > When I generated the certificates, I created the server key and server > csr with openssl. I signed the csr with a Windows CA (adding the > XPextensions) and then converted the DER format to PEM using openssl.
What's wrong with the certificate creation scripts in raddb/certs? They work... > I > verified that the certificate did have the Extended Key Attributes: > > [root@radius mycerts]# openssl x509 -text -noout -in radius2.pem shows: > > X509v3 Extended Key Usage: > TLS Web Server Authentication Which is required, but not sufficient for Windows to work. > When I try to authenticate, I did not see any errors, but at the end of > the debug output shows: > > WARNING: > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > WARNING: !! EAP session for state 0x17d5444b10dc5de2 did not finish! > WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility > WARNING: > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ... > I regenerated the certificates with the same results. Does anyone have > a clue on what is happening? Have you tried reading that web page? It contains detailed instructions. It also contains a pointer to another web page with step-by-step instructions for debugging PEAP. This *is* documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html