Re: EAP-TLS cert
Kwok Sianbin wrote: Now..I want to test connecting with Windows XP but I could not find root.der or cert-clt.p12 like previous version has. raddb/certs. Read eap.conf, too. It points to the location of the default certificates. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS cert
Hi,
I've installed FreeRadius-2.0.4 and run fine.
Here a few thing I had editted.
Clients.conf
client 192.168.0.0/24 {
secret= testing123-1
shortname= private-network-1
}
eap {
default_eap_type= tls
}
tls {
fragment_size=1024
include_lenght= yes
}
users
MarsindNetCleartext_Password:= hello
Reply-Message = Hello, %{User-Name}
Now..I want to test connecting with Windows XP but I could not find
root.der or cert-clt.p12 like previous version has.
when you installed FR 2.0.x, if you did not supply your own certs, then the
first thing it would have done upon running is create its own new ones. they'll
be in $RADDB/certs - see the documentation for the files to use. if you
DID let FR generate them, they'll be snakeoil dummy certs that only last 30
days.
so you'll need to read the Makefile in the certs directory edit client.cnf and
server.cnf
appopriately and remake them(!)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-TLS cert
Hi,
I've installed FreeRadius-2.0.4 and run fine.
Here a few thing I had editted.
Clients.conf
client 192.168.0.0/24 {
secret= testing123-1
shortname= private-network-1
}
eap {
default_eap_type= tls
}
tls {
fragment_size=1024
include_lenght= yes
}
users
MarsindNetCleartext_Password:= hello
Reply-Message = Hello, %{User-Name}
Now..I want to test connecting with Windows XP but I could not find
root.der or cert-clt.p12 like previous version has.
What files should I copy and install into Windows XP as client certificate?
Thanks in advance.
Alan DeKok [EMAIL PROTECTED] wrote: Kwok Sianbin wrote:
I am newbie to linux and recently I try to implement wireless
connnection with EAP-TLS encryption. I am using Freeradius-1.1.7
installed into Red Hat Enterprise 4.
You should really use 2.0.4.
Here I encounter problems that I can't solve it alone hence I need
advice guru from this forum.
the problem is client just can't get connected and keep request.
...
Sending Access-Challenge of id 15 to 192.168.0.206 port 1025
...
Going to the next request
Waking up in 6 seconds...
This is in the FAQ. It's also documented in the eap.conf file in 2.0.4.
Here I post the CA.certs execution result as I suppect that the errors
might be due to certificate error.
When I run ./CA.certs and I got a few errors.
2.0.4 also contains new scripts for certificate creation. They're
MUCH better than what's in 1.1.7.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
