Please don't mess with configuration. Default one works. Your problem
was with the user certificate.

http://www.procurve.com/NR/rdonlyres/06538B80-6DB0-4AC6-893E-8E8E12A180C6/0/ConfiguringFreeRADIUSwithIDMbyExample_Dec_07_WW_Eng_Ltr.pdf

On page 52 you have a picture of the Details tab list with Enhanced Key
Usage field containing client OID. Does your client certificate have
that field and that value?

Ivan Kalik
Kalik Informatika ISP
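
One way to run the check asked about above, as an added example that is not part of the original message: a small DER walker that reports whether a certificate carries the Enhanced Key Usage field and the client authentication OID. The OID values come from RFC 5280 rather than from this thread, the function names are illustrative, and the sample bytes are constructed extension lists, not real certificates.

```python
EKU_EXT = "2.5.29.37"              # id-ce-extKeyUsage (RFC 5280)
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # id-kp-clientAuth (RFC 5280)

def children(buf):
    """Yield (tag, value) for each DER element directly inside buf."""
    off = 0
    while off < len(buf):
        tag, length, off = buf[off], buf[off + 1], off + 2
        if length & 0x80:              # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[off:off + n], "big")
            off += n
        yield tag, buf[off:off + length]
        off += length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:                     # base-128, high bit set on all but the last byte
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)      # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_oids(der):
    """Return the OIDs in the Extended Key Usage extension, or None if absent."""
    for tag, val in children(der):
        if not tag & 0x20:             # primitive element, nothing nested to search
            continue
        kids = list(children(val))
        if kids and kids[0][0] == 0x06 and decode_oid(kids[0][1]) == EKU_EXT:
            seq = next(children(kids[-1][1]))[1]   # OCTET STRING -> SEQUENCE OF OID
            return [decode_oid(v) for t, v in children(seq) if t == 0x06]
        found = eku_oids(val)
        if found is not None:
            return found
    return None

def check_client_cert(der):
    # Assumes well-formed DER; distinguishes "field missing" from "value missing".
    oids = eku_oids(der)
    if oids is None:
        return "no Enhanced Key Usage field"
    return "ok" if CLIENT_AUTH in oids else "EKU present, client OID missing"

# Constructed samples: bare extension lists, not complete certificates.
CLIENT = bytes.fromhex("301530130603551d25040c300a06082b06010505070302")
SERVER_ONLY = bytes.fromhex("301530130603551d25040c300a06082b06010505070301")
NO_EKU = bytes.fromhex("300d300b0603551d0f040403020780")
```

For a real certificate, convert the PEM text with `ssl.PEM_cert_to_DER_cert()` from the standard library and pass the result to `check_client_cert()`.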


On 7/5/2008, "Joel MBA OYONE" <[EMAIL PROTECTED]> wrote:

>OK,
>
>I think I really missed something! That config should take less than 15 
>minutes but I can't solve my problem for more than a week.
>
>Alan or Ivan, could you give me half an hour to help me fix my RADIUS EAP-TLS 
>config please. I would like to give you full access to my network and my 
>terminal too, so the diagnostic should be very very easy for you!
>Is it possible?
>
> 
>MBA OYONE Joël
>Lot. El Firdaous
>Bât GH20, Porte A 204, Appt 8
>20000 Oulfa
>Casablanca - Maroc
> 
>Tel.: +212 69 25 85 70
>
>
>----- Original Message ----
>From: Alan DeKok <[EMAIL PROTECTED]>
>To: FreeRadius users mailing list <[email protected]>
>Sent: Monday, 5 May 2008, 17:18:10
>Subject: Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??
>
>Joel MBA OYONE wrote:
>...
>> The VLAN attributes defined in RFC3580 are as follows:
>> •   Tunnel-Type=VLAN (13)
>> •   Tunnel-Medium-Type=802
>> •   Tunnel-Private-Group-ID=VLANID
>> 
>> NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6,
>> which is why client entries use 6 for the Tunnel-Medium-Type value.
>
>  No.  For Tunnel-Medium-Type, "802" is a *name*, not a *number*.    See
>Section 3.2 of RFC 2868:
>
>...
>   Value
>      The Value field is three octets and contains one of the values
>      listed under "Address Family Numbers" in [14].  For the sake of
>      convenience, a relevant excerpt of this list is reproduced below.
>
>   1      IPv4 (IP version 4)
>   2      IPv6 (IP version 6)
>   3      NSAP
>   4      HDLC (8-bit multidrop)
>   5      BBN 1822
>   6      802 (includes all 802 media plus Ethernet "canonical format")
>...
>
>  FreeRADIUS gets it *right*.  Many NAS vendors get it *wrong*.
>
>> To create a user and assign the user to a particular VLAN by using
>> FreeRADIUS, open the etc/raddb/users file, which contains the user account
>> information, and add for the new user.
>> The following example shows the entry for a user in the users file. The
>> username is “johndoe,” the password is “test1234.” The user is assigned to
>> VLAN 77.
>> 
>> johndoe Auth-Type := EAP, User-Password == "test1234"
>>           Tunnel-Type = 13,
>>           Tunnel-Medium-Type = 6,
>
>  Or:  Tunnel-Medium-Type = IEEE-802
>....
>> 
>> In both cases, it stays on "IDENTITY VALIDATION" in XP wireless management 
>> and sometimes I receive the right IP address in the right IP pool. But lost it 
>> immediately, maybe because of the repeating cycle of the authentication sequence.
>> AND, the client certificate, signed by the Server (not the CA root) is still 
>> with the same message.
>> 
>> 
>> Hope it would be helpful!!
>
>  Arg.  Microsoft keeps putting magic nonsense into their OS's to make
>it difficult to use non-Microsoft RADIUS servers.
>
>  And yes, this *is* a problem even inside of Microsoft!  So if you're
>finding it a PITA to get it working, rest assured that Microsoft does, too.
>
>  Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html