+jake.sallee=umhb@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o
rg] On Behalf Of Sallee, Stephen (Jake)
Sent: Monday, August 02, 2010 7:07 PM
To: FreeRadius users mailing list
Subject: RE: windows users having trouble authenticating
Thanks
Sallee, Stephen (Jake) wrote:
I am still getting this error in my debug output:
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
I have upgraded to version 2.1.8+dfsg-1ubuntu1, still no joy!
No amount of upgrading FreeRADIUS will make it work.
+jake.sallee=umhb@lists.freeradius.o
rg] On Behalf Of Alan DeKok
Sent: Tuesday, August 03, 2010 1:47 AM
To: FreeRadius users mailing list
Subject: Re: windows users having trouble authenticating
Sallee, Stephen (Jake) wrote:
I am still getting this error in my debug output:
rlm_eap: SSL error error
Sallee, Stephen (Jake) wrote:
Thank you for your response, I think I finally know what is going on. I
need to get a real cert from my FreeRADIUS Server, any sugestions about
which vendor, IE Verisign vs thawte vs ?
Nope.
I was under the impression that the clients was sending a cert to
On 08/03/2010 01:30 PM, Alan DeKok wrote:
Using a known root CA for RADIUS authentication isn't really
recommended.
Why?
P.S. just to clarify, it's not using a known root CA for
RADIUS authentication, rather it's using a server cert signed by a
known root CA.
--
John Dennis
John Dennis wrote:
On 08/03/2010 01:30 PM, Alan DeKok wrote:
Using a known root CA for RADIUS authentication isn't really
recommended.
Why?
P.S. just to clarify, it's not using a known root CA for
RADIUS authentication, rather it's using a server cert signed by a
known root CA.
Sure.
Message-
From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o
rg] On Behalf Of Alan DeKok
Sent: Tuesday, August 03, 2010 1:13 PM
To: FreeRadius users mailing list
Subject: Re: windows users having
Sallee, Stephen (Jake) wrote:
The various EAP methods *should* have tied usernames (i.e. domains)
to a field in the certificate. e.g. a cert with CN rad...@example.com
should be sent logins for u...@example.com, but NEVER sent logins
for u...@example.net
How does this workout with child
Alan DeKok wrote:
Sallee, Stephen (Jake) wrote:
The various EAP methods *should* have tied usernames (i.e. domains)
to a field in the certificate. e.g. a cert with CN rad...@example.com
should be sent logins for u...@example.com, but NEVER sent logins
for u...@example.net
How does this
Alan DeKok wrote:
John Dennis wrote:
On 08/03/2010 01:30 PM, Alan DeKok wrote:
Using a known root CA for RADIUS authentication isn't really
recommended.
Why?
P.S. just to clarify, it's not using a known root CA for
RADIUS authentication, rather it's using a server cert signed by a
known
AMZAING! Alan and John, you guys are on my Christmas card list now! I
had my default eap type set to mschap and was never getting prompted to
accept the server cert, john, you mentioned the mschap vs TLS and it hit
me, set eap to TLS and VOILA, the client is prompted to accept the cert
EXACTLY
I have a working FreeRADIUS server that will authenticate linux clients
happily, however my windows clients are unable to authenticate. Here is
a snippet
--
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap]
Sallee, Stephen (Jake) wrote:
I have a working FreeRADIUS server that will authenticate linux clients
happily, however my windows clients are unable to authenticate. Here is
..
[peap] TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in
Alan:
The supplicant is sending a certificate that the server doesn't
recognize.
I have turned off everything I can find on the windows box about
verifying certs and the like but still no joy. Is there a way to tell
the FreeRADIUS box to accept the cert?
What strange things show up
hi,
wierd output due to special character \t, \r , \n all did
similar things in the output (latest version has fixed for this).
issue with windows is to do with certs etc. you need to configure
the supplicant to use PEAP, not to use the windows login, if
you havent sorted out certs, then
To: FreeRadius users mailing list
Subject: Re: windows users having trouble authenticating
hi,
wierd output due to special character \t, \r , \n all did similar
things in the output (latest version has fixed for this).
issue with windows is to do with certs etc. you need to configure
16 matches
Mail list logo
