I tried upgrading to 2.0.0, very close to a stock default config and I'm
getting the same symptoms, user works, computer doesn't. Makes me even
more suspicious of my certificates. I updated the files listed below to
new logs generated from 2.0.0.
I saw the note in certs/xpextensions to add 1.3.6.1.4.1.311.17.2 to
the PKCS#12 file attribute bag. I hacked up OpenSSL a bit to get that to
work and I posted the output from an openssl pkcs12 dump to
http://www.cs.odu.edu/~olson/eap/computer.p12.txt , unfortunately that
didn't seem to help.
I'm pretty much dead on ideas at this point, besides Ivan Kalik's
suggestion that I look into the $ appended to the machine name. (Which
I'm pursuing next.)
Thanks
-- Mike Olson
Michael Olson wrote:
I'm attempting to use FreeRADIUS to do EAP-TLS with Windows XP using
machine authentication. I set up FreeRADIUS following the guide at
http://wiki.freeradius.org/WPA_HOWTO#Step_2:_Configure_FreeRADIUS and
I'm using OpenSSL to generate the certificates.
I can authenticate using user certificates fine, so I'm pretty sure
all the Certificates & CA setup is right on the RADIUS server
certificate, User certificate, and the Root Certificate. That leaves
the Computer Certificate.
I generated the computer certificate to have the common name be the
machine name (I've tried it plain and FQDN) and I've put the FQDN in the
altSubjectName field as well. It has the same usage extensions as the User
certificates. (TLS Client Auth: 1.3.6.1.5.5.7.3.2) I set the AuthMode
registry key to Computer Only (2), and it tries to authenticate, which
suggests that the workstation is okay with the certificate.
Computer Certificate details:
http://www.cs.odu.edu/~olson/eap/computer.crt.txt
Other than that I can't think of where to look for a problem.
Comparing logs between user and computer authentication I can see
where it starts differing but I can't find anything I can interpret as
to why. Nothing seems to fail for the computer, it just cycles endlessly.
Successful User Authentication Log:
http://www.cs.odu.edu/~olson/eap/eap-tls_user_auth.log
Failed Computer Authentication Log:
http://www.cs.odu.edu/~olson/eap/eap-tls_computer_auth.log
I also tossed out the windows tracing logs for both user and computer
auth and anything else that seemed useful in
http://www.cs.odu.edu/~olson/eap/
Can anybody give me a pointer on where to look for problems?
Thanks
-- Mike Olson