I tried certificates from Adam Sulmicki's cert.tgz packet. I set the server date to
28.2 and on the laptop to 28.2. (the certificate is valid from and expires on that
day). And the EAP/TLS authentication worked!
I finally got:
Sending Access-Accept of id 50 to 194.142.202.102:6001
MS-MPPE-Recv-Key =
0x60b16b18235e7a9fde64aabf7ddb3248540cb7dcaff967454af4c39270ae1607
MS-MPPE-Send-Key =
0x7236809f4cc3667478644304136783a2604a5a3607d9215f279aa97edcfeac2c
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
But the certificate problem still remains. The certificate generated with the script
which came from Freeradius package says on the w2k machine(on the certificate
path):"The certificate has a non-valid digital signature" I think this is the problem.
The Adam's certificate seems fine on the computer.
We will try different OpenSSL versions (we used the versions required in Ken Roser's
guide, the SNAP was of course newer) but if this doesn't work we'll try to generate
the certificates with Novell Certificate server that we are using. If it doesn't
produce certificate files needed for Freeradius we need to buy somebody to make the
certificates with OpenSSL for us. Fortunately the certificates must be generated only
once. So if we get a working certificate set we don't have to buy a consultant to do
the stuff ever again.
Best regards:
Antti Mattila
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
