On 9/4/06, Alexandros Gougousoudis <[EMAIL PROTECTED]> wrote:
I read that again and again, but I already have these OID in the certs.
Here a dump of my server-cert:
No, you don't.
from Alan's post:
# 1.3.6.1.4.1.311.17.2
while "TLS Web Server Authentication" is 1.3.6.1.5.5.7.3.1
and "TLS Web Client Authentication" is 1.3.6.1.5.5.7.3.2
What else could be a problem? How do you guys handle the
"host/<netbiosname>" problem? Could that brake the cert?
Currently that doesn't even get considered, as according to your log
you don't check for the CN. Afaik you might strip it by using the
with_ntdomain_hack directive.
Further changes changes depend on the eap type you want to use. I have
already asked about that.
regards
K. Hoercher
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
