I think the problem is the Windows Supplicant because i use a "Intel PROSet Wireless" to connect with success.
Need to add [ xpclient_ext] extendedKeyUsage = 1.3.6.1.5.5.7.3.2 [ xpserver_ext] extendedKeyUsage = 1.3.6.1.5.5.7.3.1 to the PKCS#7 keybag attributes holding the client's private key. Already search in here but the two info pages I find are broken: http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm http://www.hep.phys.soton.ac.uk/~jhe/documents/WPA-Authentication+RADIUS-HOW TO.html How can I do this ? Thanks -----Original Message----- From: freeradius-users-bounces+pedrojmalves=gmail....@lists.freeradius.org [mailto:freeradius-users-bounces+pedrojmalves=gmail....@lists.freeradius.org ] On Behalf Of Alan DeKok Sent: sexta-feira, 30 de Abril de 2010 8:58 To: FreeRadius users mailing list Subject: Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP Pedro Alves wrote: > Using JRadiusSimulator to test and receive "Sending Access-Accept" :) > > But when i use a client AP Cisco Aironet 1121, only users from "files" can > connect, users on AD dont. ... > Sending Access-Challenge of id 110 to 10.1.3.17 port 1645 > EAP-Message = > 0x011c004a1900170301003faca645f76e5aff8c761515bd9d8c3213f7e06d164a58508ec372 > 6451efcaa894181735f73811912c526d93579a32e2887690f78fb267de6af44993815d126a > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0xac9d3931ab8120751e3f7dd68458a60f > Finished request 149. > Going to the next request > Waking up in 4.7 seconds. See the FAQ and the comments in eap.conf in recent versions of the server. It may also be a Samba bug. See: https://bugzilla.samba.org/show_bug.cgi?id=6563 Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
