On 24/08/10 15:19, alois blasbichler wrote:
Hello listWe use freeradius with opendlap and machine-authentification (samba-pcs) for years with success. Windows xp and vista clients works fine. Now i wanted to authenticate a Windows 7 laptop and i get the following errors : [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 12 length 19 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop and then [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 7 [peap] Length Included [peap] eaptls_verify returned 11 [peap]<<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation [peap] eaptls_process returned 4 I dont use certificates neither on the server and neither on the client side.
Yes you do. PEAP requires a server cert.
I read in teh internet that also windows7 should work without certificates - is that true ?
No it is not.
Wath can bee the problem ?
The clients don't know the server CA. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
