Re: Problems using EAP-TLS with freeradius version 2

2008-02-08 Thread Stefan Puch
@Arran Cudbard-Bell / Is the prefix and suffix to the regular expression string. Any characters after the / suffix are used as modifiers. FreeRadius only supports the i modifier to make matches case insensitive. resolves to a literal back-slash. Regular expressions use the \ char as

Re: Problems using EAP-TLS with freeradius version 2

2008-02-08 Thread Ivan Kalik
You have to install the ca certificate and the client certificate on the client-computer, why should client cert be signed from the server cert? Because the idea is to authenticate those users to *that* server, not to *every* server that got the certificate from that CA. With your approach the

Re: Problems using EAP-TLS with freeradius version 2

2008-02-08 Thread Stefan Puch
You have to install the ca certificate and the client certificate on the client-computer, why should client cert be signed from the server cert? Because the idea is to authenticate those users to *that* server, not to *every* server that got the certificate from that CA. With your

Re: Problems using EAP-TLS with freeradius version 2

2008-02-07 Thread Stefan Puch
@Arran Cudbard-Bell Write a regular expression to strip off the proceeding \ Here's one I did earlier If I remember correctly it's to escape to one \ in the username ... \\ To escape it in the RegExp string, \\ to make \ literal in the regular expression... I'm not so familiar with

Re: Problems using EAP-TLS with freeradius version 2

2008-02-07 Thread Arran Cudbard-Bell
Stefan Puch wrote: @Arran Cudbard-Bell Write a regular expression to strip off the proceeding \ Here's one I did earlier If I remember correctly it's to escape to one \ in the username ... \\ To escape it in the RegExp string, \\ to make \ literal in the regular expression...

Re: Problems using EAP-TLS with freeradius version 2

2008-02-06 Thread Stefan Puch
@Alan DeKok I'll bet that if you posted the final Access-Accept from 1.1.7 and from 2.0.1, that they would be *different*. If you make them the same, I'll also bet that the NAS will accept the user. You were right (you win the bet), I accidentally commented out an entry in the default-file,

Re: Problems using EAP-TLS with freeradius version 2

2008-02-06 Thread Arran Cudbard-Bell
Stefan Puch wrote: @Alan DeKok I'll bet that if you posted the final Access-Accept from 1.1.7 and from 2.0.1, that they would be *different*. If you make them the same, I'll also bet that the NAS will accept the user. You were right (you win the bet), I accidentally commented out an

Re: Problems using EAP-TLS with freeradius version 2

2008-02-05 Thread Reimer Karlsen-Masur, DFN-CERT
Jeffrey Hutzelman wrote on 04.02.2008 00:43: --On Thursday, January 31, 2008 05:42:50 PM +0100 Reimer Karlsen-Masur, DFN-CERT [EMAIL PROTECTED] wrote: If the Microsoft Smartcard Logon extendedKeyUsage *is part* of your client certificates they might not work with Windows built-in

Re: Problems using EAP-TLS with freeradius version 2

2008-02-03 Thread Jeffrey Hutzelman
--On Thursday, January 31, 2008 05:42:50 PM +0100 Reimer Karlsen-Masur, DFN-CERT [EMAIL PROTECTED] wrote: If the Microsoft Smartcard Logon extendedKeyUsage *is part* of your client certificates they might not work with Windows built-in supplicant. This is not surprising, if that is the only

Re: Problems using EAP-TLS with freeradius version 2

2008-02-01 Thread Alan DeKok
Stefan Puch wrote: Therefore the Makefile is used in the same directory. I'm not really sure, but in Line 93 where the client.pem is created it must be -passin pass:$(PASSWORD_CLIENT) instead of -passin pass:$(PASSWORD_SERVER) Thanks. I've fixed that. It would also be helpful to integrate

Re: Problems using EAP-TLS with freeradius version 2

2008-02-01 Thread Stefan Puch
@Reimer Karlsen-Masur If the Microsoft Smartcard Logon extendedKeyUsage *is part* of your client certificates you could work around this by disabling the trust setting of valid certificate usage Microsoft Smartcard Logon in the CAs properties in Windows built-in certificate store on the PDA.

Re: Problems using EAP-TLS with freeradius version 2

2008-02-01 Thread Reimer Karlsen-Masur, DFN-CERT
Stefan Puch wrote on 01.02.2008 09:57: @Reimer Karlsen-Masur If the Microsoft Smartcard Logon extendedKeyUsage *is part* of your client certificates you could work around this by disabling the trust setting of valid certificate usage Microsoft Smartcard Logon in the CAs properties in Windows

Re: Problems using EAP-TLS with freeradius version 2

2008-02-01 Thread Alan DeKok
Stefan Puch wrote: - running bootstrap creates ca.pem, server.pem, dh and random which are used with the radius server (server.pem is signed with ca.pem) - running make client.pem creates a client certificate which is signed by the server certificate (in my opinion that cannot work I

Re: Problems using EAP-TLS with freeradius version 2

2008-02-01 Thread Sebastian Heil
The first question I would like to get an answer for is: Which certificate is needed to sign the client certificate, the CA certificate or the server certificate? It's nonsense, that the server certificate signs the client certificate... it must be signed by the ca certificate. Sebastian

Re: Problems using EAP-TLS with freeradius version 2

2008-01-31 Thread Reimer Karlsen-Masur, DFN-CERT
Stefan Puch wrote on 31.01.2008 17:05: Hello again, ... @Reimer Karlsen-Masur We know of problems with EE certificates in PDAs containing the non-repudiation flag. If the non-repudiation keyUsage *is part* of your client certificates they might not work with some PDAs built-in supplicants.

Re: Problems using EAP-TLS with freeradius version 2

2008-01-30 Thread Stefan Puch
Stefan Puch wrote: Then some people came with their mobile devices which are running Windows Mobile 2003, Windows Mobile 5 (WM5) or Windows Mobile 6 (WM6) and the problems began. The same EAP-TLS certificate which worked fine on a Windows XP machine doesn't work on e.g. Windows Mobile 6 PDA.

Re: Problems using EAP-TLS with freeradius version 2

2008-01-30 Thread Reimer Karlsen-Masur, DFN-CERT
Stefan Puch wrote on 30.01.2008 11:13: Hello everyone, I've got some problems with the new version of freeradius, but before I'm going to open a new bug report or post long debug traces from radiusd -X I want to ask here if someone else has made similar experiences. I've set up a

Re: Problems using EAP-TLS with freeradius version 2

2008-01-30 Thread Alan DeKok
Stefan Puch wrote: Then some people came with their mobile devices which are running Windows Mobile 2003, Windows Mobile 5 (WM5) or Windows Mobile 6 (WM6) and the problems began. The same EAP-TLS certificate which worked fine on a Windows XP machine doesn't work on e.g. Windows Mobile 6 PDA.