I posted 3 days ago an mesage with 2 logfiles out of radius. Because this is a part of my Projekt for my final exam as an IT-Engineer it is verry important for me getting this working. Maybe someone of you has any further idea? Or would it be better to contact the openssl Team for this issue? You think this is an Certificate Problem or a Problem of the Freeradius Config?
Greetings Armin -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Armin Krämer Gesendet: Freitag, 6. Januar 2006 22:21 An: freeradius-users@lists.freeradius.org Betreff: Noone anny idea fot --> TLS Athentifikation before Domain, Logon XP? Sorry, forgotte to attach the files... Okay, i tested on and found an difference. I attach 2 Files. One is the output with an normal Client-Certificate the other with an Certifikate with the OID 1.3.6.1.4.1.311.17.2. In both cases the Certifikate is rejected with Error in Certifikate A. The Client Certifikate ist tested as Client-Certifikate and works when installed as an normal Account Certifikate. Sems like the mistake is at the Certifikate itself??? When i generated the Special Machine Certifikate i changed out the normal OID against the other one described above. Or may i have to add OID as a second OID to the certifikate? Thanks for helping. :-) -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 6. Januar 2006 21:11 An: [EMAIL PROTECTED] Betreff: Re: Noone anny idea fot --> TLS Athentifikation before Domain, Logon XP? Hello, - login as local administrateur - start mmc.exe - add certificate / computer account / local computer (note sure for names, my XP is french, so I translate) - Then, in the tree, select root certification autority/Certificates - Right click, All tasks/Import - select your "root.der" - Then, in the tree, select Personnal/Certificates - Right click, All tasks/Import - select your "machine.p12" - enter your "private key" - close mmc - set AuthMode to "2" in registry - in computer panel/Network connection/wireless connection - tab "Association" WPA & TKIP - tab "Auth" check "Authenticate as computer..." - tab "Auth"/Properties check "Validate serveur certificate" and select your certificate in the list, !!! Be aware, in "property", you add to check "Connexion to these servers", but let it uncheck for testing - Pray... ;-) Hope it helps. FYI, it works for me. Regards, Jeremy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html