Since you seem to know something about this, can you either:
A) Explain what the extended key oid nonsense is?
B) Point me to some place I can read about it?
http://www.freeradius.org/doc/
See the EAP-TLS stuff.
Microsoft requires magic stuff in the server certificate,
Eliot, Wireless and Server Administrator,
Great Lakes Internet [EMAIL PROTECTED] wrote:
I am proxying the packets from the Cisco through the FreeRADIUS server
to the IAS server. EAP messages are exchanged between the supplicant and
the IAS server; the Cisco AP and FreeRADIUS server do
Eliot, Wireless and Server Administrator,
Great Lakes Internet [EMAIL PROTECTED] wrote:
Is the message authenticator attribute properly implemented in
FreeRADIUS?
Huh? Would you expect the answer to be no?
This indicates that anytime it adds a Message-Authenticator attribute,
it
It would seem that I have been able to answer my own question for this.
After doing an Ethereal dump, I noticed that the Message-Authenticator
is indeed set to a valid value. This means that is simply isn't
displayed with a value (it gets printed before it is computed).
I also figured out that
I read a post from a long time ago about putting the
attribute (set to any value) in the response list, but that does not
seem to work (unless I did it wrong):
/etc/raddb/preproxy_users:
DEFAULT
Message-Authenticator = 1
You're adding it to the proxied packet. Read the
Eliot, Wireless and Server Administrator,
Great Lakes Internet [EMAIL PROTECTED]
Correct me if I'm
wrong, but EAP should be doing Message-Authenticator stuff without me
needing to tell it to add the attribute, right?
Yes.
Since you seem to know something about this, can you
6 matches
Mail list logo
