Re: EAP-TLS multi clients
Matteo Lazzarini wrote:
> K. Hoercher wrote:
>> On 8/29/06, Lazzarini Matteo [EMAIL PROTECTED] wrote:
>>> First of all I excuse me for my English. :-(
>>
>> Ah no problem, after it got sorted out.
>>
>>> itself correctly to the wlan, authenticated from freeradius with eap-tls. Now therefore not there are more problems for that it regards the authentication.
>>
>> Grats. So it was just my pessimism to suppose there are still issues.
>>
>>> The CA.all script generates me only 1 server, 1 client and 1 root
>>
>> Hm. Ok, those are just provided to be able to check the freeradius setup with respect to eap et al., they are not meant to be a production CA. So I'd suggest looking at openssl.org for further information (looking at the scripts might give you some starting point though). Basically you are to issue (unique) client certs (modelled to the one CA.all gave you) to other users either by acting as your own CA or using some commercial CA.
>>
>> regards
>> K. Hoercher
>
> I have need of certs for 3 clients, for some tests on freeradius with a sniffer that it capture the input. Therefore I want certs of test the type which already use, generated with the CA.all script.
>
> How I can make 3 certs for distinct for the clients? Is it possible to modify CA.all in order to create certs for 1 root, 1 server and 3 or more client certs for EAP-TLS (xpextension included)?
>
> Someone knows gives me of the information also on the guides who can help me?
>
> Thousand thanks for all
> Matteo ;-)

Someone knows to give to me of info/help?

Thanks

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS multi clients
Hi,

Well, as I have already told you, you should look for information regarding ssl (so, openssl.org is a most prominent starting point), which isn't a freeradius issue and as such is off topic here.

In any event, even if it were, to keep pounding this list, because nobody did serve immediately to your needs, is considered not very nice.

hth
K. Hoercher
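The advice given earlier in the thread (act as your own CA and issue one unique client certificate per user, modelled on the one CA.all produced) could look like this for a throwaway test setup. This is an added example, not part of the thread and not FreeRADIUS's own script; the file names, user names and password are constructed, and it assumes the client extension needed is the TLS clientAuth extended key usage.

```sh
#!/bin/sh
# Added example: throwaway test CA issuing one unique client cert per user.
# All names, paths and the password below are constructed placeholders.
set -eu
PKI_DIR=${PKI_DIR:-$(mktemp -d)}
P12_PASS=${P12_PASS:-test-only-password}
CLIENTS=${CLIENTS:-"client1 client2 client3"}

# Minimal config: CA extensions plus a client profile with the clientAuth EKU
# (assumed here to be what the client extension has to carry).
cat > "$PKI_DIR/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF

make_ca() {  # self-signed test root, valid 30 days
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -config "$PKI_DIR/pki.cnf" -extensions ca_ext \
    -subj "/O=Test lab/CN=EAP-TLS test root" \
    -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.pem" 2>/dev/null
}

issue_client() {  # $1 = user name; own key, own serial, own PKCS#12 bundle
  u=$1
  openssl req -new -newkey rsa:2048 -nodes -config "$PKI_DIR/pki.cnf" \
    -subj "/O=Test lab/CN=$u" \
    -keyout "$PKI_DIR/$u.key" -out "$PKI_DIR/$u.csr" 2>/dev/null
  openssl x509 -req -in "$PKI_DIR/$u.csr" -days 30 \
    -CA "$PKI_DIR/ca.pem" -CAkey "$PKI_DIR/ca.key" \
    -CAserial "$PKI_DIR/ca.srl" -CAcreateserial \
    -extfile "$PKI_DIR/pki.cnf" -extensions client_ext \
    -out "$PKI_DIR/$u.pem" 2>/dev/null
  openssl pkcs12 -export -name "$u" -passout "pass:$P12_PASS" \
    -inkey "$PKI_DIR/$u.key" -in "$PKI_DIR/$u.pem" \
    -certfile "$PKI_DIR/ca.pem" -out "$PKI_DIR/$u.p12"
}

make_ca
for u in $CLIENTS; do issue_client "$u"; done
echo "test PKI written to $PKI_DIR"
```

Each user ends up with a separate key, serial number and `.p12` bundle signed by the same test root, so one certificate can be withdrawn without touching the others.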
EAP-TLS multi clients
Hi,

I do not succeed to authenticate others client in mine system. I have used three scripts to generate certs root, server and client (with xpextension). They exist of the certs for multi clients to use for eap-tls? Somebody it has of the councils on like making?

thanks
Matteo
Re: EAP-TLS multi clients
On 8/29/06, Lazzarini Matteo [EMAIL PROTECTED] wrote:
> I have used three scripts to generate certs root, server and client (with xpextension). They exist of the certs for multi clients to use for eap-tls?

Hi,

Which scripts? I'm not sure what your last sentence means. Afaik you should give out one (client) certificate per user. What's the debugging output?

Supposing it's the *same* problem as with your previous tests regarding eap-peap/mschapv2 did you check for the hint Alan gave? Furthermore the whole range suggested in [EMAIL PROTECTED] might be useful. (regarding #1, please see http://lists.shmoo.com/pipermail/hostap/2006-July/013673.html ). While perhaps being the most cumbersome, a full capture like suggested might be also most instructive.

The nas log you showed in [EMAIL PROTECTED] sadly isn't very concise. But as it somehow mentions an EAP-Response with your desired username, it would be good to know if/when/how it sends those out to freeradius, as they seem to get lost. So capturing the traffic between nas and freeradius would be a good idea also.

If that doesn't give yourself any clues, I'd suggest providing URLs where to download that information. Please don't try to put some digested information into a line-mangling MUA or an eventually similar way of making it unnecessarily hard to look into it for those trying to help.

regards
K. Hoercher
R: EAP-TLS multi clients
OK. First of all I make excuses myself for my little precise English. :-(

The scripts about which I speak they are those inside of the scripts directory of freeradius sources. (CA.all)

I use the client's certificate (cert-clt.p12) for my user who connects itself correctly to the wlan, authenticated from freeradius with eap-tls. Now therefore not there are more problems for that it regards the authentication.

What I wanted to know is if there is a way in order to obtain more certs for others client of the wlan. The CA.all script generates me only 1 server, 1 client and 1 root

Thanks

-Original Message-
From: [EMAIL PROTECTED] on behalf of K. Hoercher
Sent: Tue 29/08/2006 14.51
To: FreeRadius users mailing list
Subject: Re: EAP-TLS multi clients

On 8/29/06, Lazzarini Matteo [EMAIL PROTECTED] wrote:
> I have used three scripts to generate certs root, server and client (with xpextension). They exist of the certs for multi clients to use for eap-tls?

Hi,

Which scripts? I'm not sure what your last sentence means. Afaik you should give out one (client) certificate per user. What's the debugging output?

Supposing it's the *same* problem as with your previous tests regarding eap-peap/mschapv2 did you check for the hint Alan gave? Furthermore the whole range suggested in [EMAIL PROTECTED] might be useful. (regarding #1, please see http://lists.shmoo.com/pipermail/hostap/2006-July/013673.html ). While perhaps being the most cumbersome, a full capture like suggested might be also most instructive.

The nas log you showed in [EMAIL PROTECTED] sadly isn't very concise. But as it somehow mentions an EAP-Response with your desired username, it would be good to know if/when/how it sends those out to freeradius, as they seem to get lost. So capturing the traffic between nas and freeradius would be a good idea also.

If that doesn't give yourself any clues, I'd suggest providing URLs where to download that information. Please don't try to put some digested information into a line-mangling MUA or an eventually similar way of making it unnecessarily hard to look into it for those trying to help.

regards
K. Hoercher
EAP-TLS multi clients
OK. First of all I excuse me for my English. :-(

The scripts about which I speak they are those inside of the scripts directory of freeradius sources. (CA.all)

I use the client's certificate (cert-clt.p12) for my user who connects itself correctly to the wlan, authenticated from freeradius with eap-tls. Now therefore not there are more problems for that it regards the authentication.

There is a way to obtain more certs for others clients of the wlan (multi-clients). The CA.all script generates me only 1 server, 1 client and 1 root

Thanks

-Original Message-
From: [EMAIL PROTECTED] on behalf of K. Hoercher
Sent: Tue 29/08/2006 14.51
To: FreeRadius users mailing list
Subject: Re: EAP-TLS multi clients

On 8/29/06, Lazzarini Matteo [EMAIL PROTECTED] wrote:
> I have used three scripts to generate certs root, server and client (with xpextension). They exist of the certs for multi clients to use for eap-tls?

Hi,

Which scripts? I'm not sure what your last sentence means. Afaik you should give out one (client) certificate per user. What's the debugging output?

Supposing it's the *same* problem as with your previous tests regarding eap-peap/mschapv2 did you check for the hint Alan gave? Furthermore the whole range suggested in [EMAIL PROTECTED] might be useful. (regarding #1, please see http://lists.shmoo.com/pipermail/hostap/2006-July/013673.html ). While perhaps being the most cumbersome, a full capture like suggested might be also most instructive.

The nas log you showed in [EMAIL PROTECTED] sadly isn't very concise. But as it somehow mentions an EAP-Response with your desired username, it would be good to know if/when/how it sends those out to freeradius, as they seem to get lost. So capturing the traffic between nas and freeradius would be a good idea also.

If that doesn't give yourself any clues, I'd suggest providing URLs where to download that information. Please don't try to put some digested information into a line-mangling MUA or an eventually similar way of making it unnecessarily hard to look into it for those trying to help.

regards
K. Hoercher