: John Dennis jden...@redhat.com
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
CC: Klaus Laus superkla...@gmx.de
Betreff: Re: need help - force EAP-TTLS to validate the server certificate
On 09/17/2010 11:00 AM, Klaus Laus wrote:
thanks a lot for your answer
Klaus Laus wrote:
I tried to login from another client, but it´s the same problem.
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
SSL:
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: Re: need help - force EAP-TTLS to validate the server certificate
Klaus Laus wrote:
I tried to login from another client, but it´s the same problem.
TLS Alert write:fatal:handshake failure
TLS_accept:error
Klaus Laus wrote:
The message is clear. Yes I created a client certificate and imported it into
the client.
When I use TLS to connect to the freeradius server I can choose the client
certificate in the TLS dialog and the client can login successfully.
When I use PEAP to login I have to
@lists.freeradius.org
[mailto:freeradius-users-bounces+jmdanner=samford@lists.freeradius.org] On
Behalf Of Klaus Laus
Sent: Tuesday, September 21, 2010 5:17 AM
To: FreeRadius users mailing list
Subject: Re: need help - force EAP-TTLS to validate the server certificate
The message is clear. Yes I created
misterklaus
Original-Nachricht
Datum: Tue, 21 Sep 2010 14:21:26 +0200
Von: Alan DeKok al...@deployingradius.com
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: Re: need help - force EAP-TTLS to validate the server certificate
Klaus Laus wrote
Klaus Laus wrote:
I *only* want to know all the time if it´s possible to login on a client with
user/userpassword and client certificate. I pleased you *only* to say *no* or
*yes* and maybe one sentence more.
I know you´re a freeradius expert not a M$ expert but I thought when you know
Original-Nachricht
Datum: Tue, 21 Sep 2010 08:02:27 -0500
Von: Danner, Mearl jmdan...@samford.edu
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: RE: need help - force EAP-TTLS to validate the server certificate
EAP/PEAP requires a server certificate
To: FreeRadius users mailing list
Subject: Re: RE: need help - force EAP-TTLS to validate the server certificate
A lot of thanks for your answer Mearl Danner, I read the pages of M$ but I
didn´t found any possibilitys to configure the clients so, that the client is
use a username/password and certificate. Do
- force EAP-TTLS to validate the server certificate
On 16/09/10 14:35, Klaus Laus wrote:
ok, this is the debug output:
FreeRADIUS Version 2.1.6, for host i686-pc-linux-gnu, built on Oct 27
2009 at 17:05:49
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors
On 09/17/2010 11:00 AM, Klaus Laus wrote:
thanks a lot for your answer.
Either move the files module before eap, or use unlang to set it:
authorize {
...
update control {
EAP-TLS-Require-Client-Cert = yes
}
eap
...
}
I did the changes in the authorize section, and
Klaus Laus wrote:
Thanks a lot Alan DeKok, do I have any possibility to permit login only
persons with username/password and client certificate?
All authentications methods works fine on my server, but I´ll only permit
login with username/password and client certificate. Which code I need to
: need help - force EAP-TTLS to validate the server certificate
Klaus Laus wrote:
Thanks a lot Alan DeKok, do I have any possibility to permit login only
persons with username/password and client certificate?
All authentications methods works fine on my server, but I´ll only
permit login
Klaus Laus wrote:
I did this, but the clients can login furthermore without any client
certificate for example with PEAP or EAP-TTLS. Here is my users file:
sigh Is it that hard to show the debug output?
Here's the eap.conf file
Neither the documentation or messages on this list ask
On 16/09/10 14:35, Klaus Laus wrote:
ok, this is the debug output:
FreeRADIUS Version 2.1.6, for host i686-pc-linux-gnu, built on Oct 27 2009 at
17:05:49
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Klaus Laus wrote:
Hello, I have one question, is it possible to configure my freeradius server
so that only clients with a ca certificate can login themselves with their
username and password? I want to configure my freeradius server so that the
users can only login after the successfully
-Nachricht
Datum: Wed, 15 Sep 2010 10:47:52 +0200
Von: Alan DeKok al...@deployingradius.com
An: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Betreff: Re: need help - force EAP-TTLS to validate the server certificate
Klaus Laus wrote:
Hello, I have one question
17 matches
Mail list logo