On 24/08/10 15:19, alois blasbichler wrote:
Hello list
We use freeradius with opendlap and machine-authentification
(samba-pcs) for years with success.
Windows xp and vista clients works fine.
Now i wanted to authenticate a Windows 7 laptop and i get the
following errors :
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 19
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
and then
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]<<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4
I dont use certificates neither on the server and neither on the client side.
Yes you do. PEAP requires a server cert.
I read in teh internet that also windows7 should work without
certificates - is that true ?
No it is not.
Wath can bee the problem ?
The clients don't know the server CA.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html