Stefan Winter ha scritto:
Hi!
It is incredible! I have just installed SecureW2 and all is ok now!
Have you any idea why XP SP2 didn't work? For my user will be more
comfortable use XP interface instead install and use SecureW2.
I guess that is because Windows XP requires the TLS Server Certificate
Extension to be present in the certificate, while SecureW2 doesn't.
You can easily verify if your certificate is right for Win XP:
openssl x509 -in certfile.pem -text
The output must contain the following lines:
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
If this extension isn't present, things won't work with the built-in
supplicant, then you need another certificate. SecureW2 is not as picky about
that, so the cert is still fine for SecureW2 and EAP-TTLS.
I have manually generated the certificate three days ago, so I serach the right
way to generate the certificate with right extension, thanks.
Windows XP supplicant being more comfortable? Arguably. Personally, I find it
one of the worst-ever designed User Interfaces. Almost no one gets the
correct, secure configuration right on first attempt.
You can generate an automated installer with SecureW2, where most of the
settings for your users are preconfigured (a "Site Deployment"). This makes
it almost as easy as a double-click to get things running.
Interesting, I'll checking also this possibility. Alsi I think that it is better
than XP dialogs!
A second problema. I have activate accounting but in "radacct" (log file
and mysql table) I can't see the IP address of the supplicant client. I see
only the nas ip address.
There are some parameter to secify to add this feature?
Well, the server can only log what the NAS (Access Point) sends to it. You
will need to configure your Access Point to send the client's IP address. It
depends on your model of Access Point how to do this, if it's at all
possible. I don't have a 3Com Access Point, so I have no idea how to do it.
It sure comes with a manual, though.
OK.
Thanks again for your support!
Alessandro
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
