Re: Proxy - EAP problems
Thanks for the hint. BTW do you have any links to info about how to implement magic Microsoft OID's - Google search did not give much :-( The authentication for the topology access-point - pdc (also freeradius) works and certificates for the proxy are generated in the similar way. I have expected that access-point - proxy - pdc toplogy should also work. Furthermore, the same happens with the EAP-TTLS (SecureW2 supplicant) and in both EAP-methods all verify server certificates are unchecked on the supplicant site. --Wladyslaw Pietraszek Alan DeKok wrote: Wladyslaw Pietraszek [EMAIL PROTECTED] wrote: Authentication when access-points use 'pdc' directly works fine for EAP-PEAP/TTLS. Authentication for the topology access-point - proxy - pdc fails. Probably supplicant/access-point ignores access-challenge (EAP) response. The reason that happens is most likely that the proxy server certificates don't contain the magic Microsoft OID's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy - EAP problems
On Thu, Jun 22, 2006 at 10:06:05AM +0200, Wladyslaw Pietraszek wrote: Thanks for the hint. BTW do you have any links to info about how to implement magic Microsoft OID's - Google search did not give much :-( There is a link to this article on the front page of the FreeRADIUS web site :- http://www.linuxjournal.com/article/8095 See the xpextensions section. -- Ben Thompson - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy - EAP problems
Thanks to Allan and Ben for hints and link to documentation. Proxy server has had correct certificates and although new certificates has been installed the proxy still fails to authenticate. Proxy server certificate does include xpextensions and openssl x509 -in cert_file -noout -text gives X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication which I belive is the sign that xpextensions are included in the certificate. Any other hints how to fix the proxy problem? Thanks W. A. Pietraszek B Thompson wrote: On Thu, Jun 22, 2006 at 10:06:05AM +0200, Wladyslaw Pietraszek wrote: Thanks for the hint. BTW do you have any links to info about how to implement magic Microsoft OID's - Google search did not give much :-( There is a link to this article on the front page of the FreeRADIUS web site :- http://www.linuxjournal.com/article/8095 See the xpextensions section. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy - EAP problems
Wladyslaw Pietraszek [EMAIL PROTECTED] wrote: Authentication when access-points use 'pdc' directly works fine for EAP-PEAP/TTLS. Authentication for the topology access-point - proxy - pdc fails. Probably supplicant/access-point ignores access-challenge (EAP) response. The reason that happens is most likely that the proxy server certificates don't contain the magic Microsoft OID's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html