"Jack Daniels" <[EMAIL PROTECTED]> wrote:
> Is there a way to dump more information about what is going on in the TLS
> conversation in freeradius?

No. What more information do you think you would need?

> Why even if EAP doesn't fail it can't reach the mschap part?

Because the Windows client stops talking to the server.

> Should I consider this part
> (other): SSL negotiation finished successfully
> rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
> SSL Connection Established
> as a failure or a success?

I could swear that message has the word "successfully" in it. That looks a whole lot like "success" to me.

> In the client computer, if I uncheck the "Validate server certificate"
> option everything runs smoothly.

Then the problem is that you didn't create the certificates with the magic OIDs. See

http://wiki.freeradius.org/WPA_HOWTO

and

http://www.alphacore.net/contrib/nantes-wireless/eap-tls-HOWTO.html

If you didn't use the "xpextensions" file, Windows won't like the certs.

> I'm using FreeRadius v 1.1.3. Certificates when created were verified with
> openssl verify and everything was ok.

They're certs, but they're not certs Windows likes.

I think for the next rev of the server, we'll take a look at putting huge screaming messages in the logs if the certs don't have the OIDs.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
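
Added example (not part of the original message and not FreeRADIUS code): a shell check for the situation the reply describes, a certificate that passes `openssl verify` but lacks the extended key usage the Windows supplicant expects. It assumes the "magic OIDs" are the extendedKeyUsage purposes serverAuth (1.3.6.1.5.5.7.3.1) and clientAuth (1.3.6.1.5.5.7.3.2); `eku_status`, `check_cert_file` and the sample dumps are names and data constructed for illustration.

```shell
#!/bin/sh
# Reads the text dump of a certificate (openssl x509 -noout -text) on stdin
# and prints one of:
#   ok               EKU extension present and lists the wanted purpose
#   missing-purpose  EKU extension present, wanted purpose absent
#   no-eku           no Extended Key Usage extension at all
eku_status() {  # $1 = server | client
    case "$1" in
        # Names as OpenSSL prints them; numeric form kept as a fallback.
        server) want='TLS Web Server Authentication|1[.]3[.]6[.]1[.]5[.]5[.]7[.]3[.]1$' ;;
        client) want='TLS Web Client Authentication|1[.]3[.]6[.]1[.]5[.]5[.]7[.]3[.]2$' ;;
        *) echo "usage: eku_status server|client" >&2; return 2 ;;
    esac
    awk -v want="$want" '
        # The purposes are listed on the line after the extension header.
        /X509v3 Extended Key Usage/ { seen = 1; getline; if ($0 ~ want) found = 1 }
        END { print (found ? "ok" : (seen ? "missing-purpose" : "no-eku")) }
    '
}

# Check a PEM file on disk (needs the openssl CLI).
check_cert_file() {  # $1 = PEM path, $2 = server | client
    openssl x509 -in "$1" -noout -text | eku_status "$2"
}

# Constructed excerpts of `openssl x509 -noout -text` output (not real certs).
SAMPLE_GOOD='        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication'
SAMPLE_BARE='        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE'

printf '%s\n' "$SAMPLE_GOOD" | eku_status server   # ok
printf '%s\n' "$SAMPLE_BARE" | eku_status server   # no-eku
```

For a real deployment, run `check_cert_file` with `server` against the RADIUS server certificate and with `client` against any EAP-TLS client certificates.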

