RE: Re: Making certs for Windows users

2009-11-30 Thread tnt 
> So the only differences between the test cert and a real one is only what
> is written in the ca.cnf?

Why do you think that "test" certificates aren't "real"? They also work.
How else would you test things with them.

> I dont need to add or remove anything or make an extra file or something
> like that?

No, all you have to do is follow instructions in certs/README.

> Sorry for all (maybe stupid) questions but Im new to the thing of creating
> certs.

Then just follow simple and precise instructions given to you. You don't
have to invent or design anything, just follow instructions. If you can do
that - everything will be fine. If you can't, because you have an
overwhelming urge to muck about, things will be complicated.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Re: Making certs for Windows users

2009-11-30 Thread Peter Carlstedt 

> Message: 1
> Date: Mon, 30 Nov 2009 09:43:07 +
> From: Peter Carlstedt 
> Subject: Making certs for Windows users
> To: 
> Message-ID: 
> Content-Type: text/plain; charset="iso-8859-1"
> 
> 
> Hello everyone.
> 
> I got some questions regarding how to make a certificate that works towards 
> windows clients while running Freeradius with PEAP.
> 
> 
> 
> Well I have read on the wiki for Freeradius about making a standalone cert 
> for windows clients (root cert) but why do i need that installed on the 
> windows clients when i want to run peap? Isn?t peap meant to work in the way 
> that you shouldnt have to install stand alone certs in the users computers?
> 
> 
> 
> Anyway... I dont really understand what it is that i need to do to make real 
> certificates, I?ve read the "readme" file in raddb/certs but dont understand 
> what it says. I have got ca.cnf anf ca.pem etc since i started the radius 
> server the first time where it said that it made some certs, which i guess it 
> test certificates... the readme file only says that i should remove the old 
> ones but when i try to get into the certs folder through the terminal it says 
> i do not have permission to go into that folder.. Im using Ubuntu Desktop and 
> I dont know a way to get into the folder with the root other than typing 
> "sudo cd certs" which do not work. :/
> 
> 
> 
> Can I ignore the part which says that I need to remove the certs created when 
> i run the server the first time and just do changes in the ca.cnf?
> 
> 
> 
> As a sidenote, I?ve never worked with certificates before, I know what they 
> are meant to do but more than that i dont know. 
> 
> 
> 
> Best regards/ Peter Carlstedt
> 
> 
> 
> --
> Message: 5
> Date: Mon, 30 Nov 2009 11:15:09 +0100
> From: Alan DeKok 
> Subject: Re: Making certs for Windows users
> To: FreeRadius users mailing list
> 
> Message-ID: <4b139b2d.8000...@deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Peter Carlstedt wrote:
> > I got some questions regarding how to make a certificate that works
> > towards windows clients while running Freeradius with PEAP.
> 
> The howto's are detailed, and should be relatively clear.
> 
> > Well I have read on the wiki for Freeradius about making a standalone
> > cert for windows clients (root cert) but why do i need that installed on
> > the windows clients when i want to run peap?
> 
> Because that's how peap works.
> 
> > Isn?t peap meant to work in
> > the way that you shouldnt have to install stand alone certs in the users
> > computers?
> 
> No.
> 
> > Anyway... I dont really understand what it is that i need to do to make
> > real certificates, I?ve read the "readme" file in raddb/certs but dont
> > understand what it says. I have got ca.cnf anf ca.pem etc since i
> > started the radius server the first time where it said that it made some
> > certs, which i guess it test certificates... the readme file only says
> > that i should remove the old ones but when i try to get into the certs
> > folder through the terminal it says i do not have permission to go into
> > that folder.. Im using Ubuntu Desktop and I dont know a way to get into
> > the folder with the root other than typing "sudo cd certs" which do not
> > work. :/
> 
> This is Unix 101. You need to be "root" to edit the files in that
> directory.

Yes I understand that I need root permissions to edit files in that directory 
BUT is there anyway to get those permission without having to login with the 
root account? There are reasons of why you should use "sudo"in the terminal as 
a normal user instead of logging in as the root user. So what i mean is if 
there are some kind of command which gives me the same permissions as the root 
user in the terminal, was thinking about that since you can use the command 
"gksudo nautilus" to browse through directories which has root permission only. 
Is there any command which can give me the same permissions in the terminal?
> 
> > Can I ignore the part which says that I need to remove the certs created
> > when i run the server the first time and just do changes in the ca.cnf?
> 
> Sure. And then it won't work.
> 
> Alan DeKok.
> 
> 

So the only differences between the test cert and a real one is only what is 
written in the ca.cnf?

I dont need to add or remove anything or make an extra file or something like 
that?

Sorry for all (maybe stupid) questions but Im new to the thing of creating 
certs.
> --
Best regards/ Peter Carlstedt
  
_
Windows Live: Make it easier for your friends to see what you’re up to on 
Facebook.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html