Re: PEAP with Machine auth

2011-10-27 Thread Bonald
The weird thing is that I didn't see that popup On Wed, Oct 26, 2011 at 5:07 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 10/26/2011 07:53 PM, Francois Gaudreault wrote: Correct me if I am wrong, but that should not be needed when you are not validating server certificate. There are a

Re: PEAP with Machine auth

2011-10-27 Thread Phil Mayers
On 27/10/11 13:12, Bonald wrote: The weird thing is that I didn't see that popup That is very odd. I just tried this again; purged the CA from the User Machine lists, deleted the wired 802.1x profile and re-connected. 1st time - no joy because the CA is unknown. Import the CA retry and I

Re: PEAP with Machine auth

2011-10-27 Thread Bonald
Exactly, I have a GPO that's pushing some wireless profiles. When disabling this GPO I see the popup. On Thu, Oct 27, 2011 at 9:37 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 27/10/11 13:12, Bonald wrote: The weird thing is that I didn't see that popup That is very odd. I just tried

Re: PEAP with Machine auth

2011-10-27 Thread Phil Mayers
On 27/10/11 15:18, Bonald wrote: Exactly, I have a GPO that's pushing some wireless profiles. When disabling this GPO I see the popup. Sigh. I hate Windows. I'm glad you've got it sorted out. If you find time to write some docs in the wiki that describe which GPO objects caused what

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 13:49, Bonald wrote: WARNING: !! EAP session for state 0xd4ade9e4d6a8f086 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility Did you follow the link? Did you read it? Most likely, you need to ensure your certificate CA is trusted by the

Re: PEAP with Machine auth

2011-10-26 Thread Bonald
Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. On Wed, Oct 26, 2011 at 10:14 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 26/10/11 13:49, Bonald wrote: WARNING: !! EAP

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 14:24, Bonald wrote: Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. Well, I guess it's just broken then. Oh well. Seriously - it's important to understand that

Re: PEAP with Machine auth

2011-10-26 Thread Alan DeKok
Phil Mayers wrote: Seriously - it's important to understand that the CLIENT stops responding. FreeRADIUS can't do anything more in this case - the client has stopped sending EAPOL packets, so the client must think that something is wrong. That's the main issue people have with RADIUS. The

RE: PEAP with Machine auth

2011-10-26 Thread Sallee, Stephen (Jake)
To: freeradius-users@lists.freeradius.org Subject: RE: PEAP with Machine auth This kind of QA thing helps no one here! Many people are reporting the same issue on different platforms! I don't think the problem is either with the client or the certificates since I conducted some testing using the same client

Re: PEAP with Machine auth

2011-10-26 Thread Alan DeKok
Francois Gaudreault wrote: Even more weird, we have had the same issue lately with one controller model, and not the other. We were using the same config on the client, on the server, and the same certs. Ouch. The whole EAP ecosystem is fragile to the point of insanity. There are times

Re: PEAP with Machine auth

2011-10-26 Thread Francois Gaudreault
Even more weird, we have had the same issue lately with one controller model, and not the other. We were using the same config on the client, on the server, and the same certs. Ouch. The whole EAP ecosystem is fragile to the point of insanity. There are times when I'm surprised it

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 14:58, Phil Mayers wrote: On 26/10/11 14:47, Sergio NNX wrote: This kind of QA thing helps no one here! Many people are reporting the same issue on different platforms! I don't think the problem is either with the client or the certificates since I conducted some testing using the

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 16:14, Phil Mayers wrote: Sorry, this is long. tl;dr version - under Windows 7, if you import the CA certificate into the Trusted Root Certification Authorities hierarchy in the MMC Certificates snap-in, Windows 7 user- and machine-auth work just fine against an out-of-the-box

Re: PEAP with Machine auth

2011-10-26 Thread Bonald
If you are using the default config then your eap.conf must have default_eap_type = md5 Try with peap. On Wed, Oct 26, 2011 at 12:14 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 26/10/11 14:58, Phil Mayers wrote: On 26/10/11 14:47, Sergio NNX wrote: This kind of QA thing helps no one

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 16:54, Bonald wrote: If you are using the default config then your eap.conf must have default_eap_type = md5 Yes. The client NAKs the EAP-MD5 and asks for PEAP. Try with peap. Just to placate you, I have done so. It made no difference, except save one round-trip. User- and

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 14:24, Bonald wrote: Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. What is the client operating system and version, including service pack? Are you using the

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 26/10/11 17:15, Phil Mayers wrote: On 26/10/11 14:24, Bonald wrote: Yes I've read it. Yes the certificate is trusted on the machine and the user store. It must be something else, using USER auth it's working. MACHINE auth is failing. What is the client operating system and version,

Re: PEAP with Machine auth

2011-10-26 Thread Bonald
Client is Windows7 w/SP1. Using Cisco PEAP it's working. When using Microsoft PEAP it's failing for machine auth. I am on WLAN. netsh wlan show profile just shows my SSID. That fixed my problem. I needed to check the correct CA in the protected PEAP properties.

Re: PEAP with Machine auth

2011-10-26 Thread Francois Gaudreault
Correct me if I am wrong, but that should not be needed when you are not validating server certificate. That would mean Windows is trying to validate server cert when doing machine auth even if the profile says otherwise?? On 11-10-26 2:36 PM, Bonald wrote: Client is Windows7 w/SP1. Using

Re: PEAP with Machine auth

2011-10-26 Thread Phil Mayers
On 10/26/2011 07:53 PM, Francois Gaudreault wrote: Correct me if I am wrong, but that should not be needed when you are not validating server certificate. There are a few issues; let me try to lay them out. First: it seems you MUST install the CA on the client (in one or both of the user or