machine: TLS_accept:error in SSLv3 read client certificate A user: (other): SSL negotiation finished successfully
There doesn't seem to be a machine certificate in the certificate store. Ivan Kalik Kalik Informatika ISP Dana 18/1/2008, "Michael Olson" <[EMAIL PROTECTED]> piše: >I'm attempting to use FreeRADIUS to do EAP-TLS with Windows XP using machine >authentication. I set up FreeRADIUS following the guide at >http://wiki.freeradius.org/WPA_HOWTO#Step_2:_Configure_FreeRADIUS and I'm using >OpenSSL to generate the cetificates. > >I can authenticate using user certificates fine, so I'm pretty sure all the >Certificates & CA setup is right on the RADIUS server certificate, User >certificate, and the Root Certificate. That leaves the Computer Certificate. > >I generated the computer certificate to have the common name be the machine >name (I've tried it plain and FQDN) and I've put the FQDN is the altSubjectName >field as well. It has the same usage extensions as the User certificates. >(TLS Client Auth: 1.3.6.1.5.5.7.3.2) I set the AuthMode registry key to >Computer Only (2), and it trys to authenticate which suggests that the >workstation is okay with the certificate. > >Computer Certificate details: http://www.cs.odu.edu/~olson/eap/computer.crt.txt > >Other than that I can't think of where to look for a problem. Comparing logs >between user and computer authentication I can see where it starts differing >but I can't find anything I can interpret as to why. Nothing seems to fail for >the computer, it just cycles endlessly. > >Successful User Authentication Log: > http://www.cs.odu.edu/~olson/eap/eap-tls_user_auth.log > >Failed Computer Authentication Log: > http://www.cs.odu.edu/~olson/eap/eap-tls_computer_auth.log > >I also tossed out the windows tracing logs for both user and computer auth > and anything else that seemed useful in > http://www.cs.odu.edu/~olson/eap/ > >Can anybody give me a pointer on where to look for problems? > >Thanks > >-- Mike Olson > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
