KORN Andras
2006-02-17 18:31:49 UTC
Good morning,
I have a FreeRADIUS server, an Asus AP running OpenWrt, and a WinXP SP2
notebook.
I created a CA with OpenVPN's easy-rsa scripts; the CA cert is valid for 15
years. I created a cert for the RADIUS server, signed by this CA and valid for
10 years.
I imported the root CA into Windows under Trusted Root CAs. If I open the
radius .crt in Windows, it says the cert is OK.
I fed the certificates and the private key to the RADIUS server:
tls {
private_key_file = ${raddbdir}/certs/ize.key
certificate_file = ${raddbdir}/certs/ize.crt
CA_file = ${raddbdir}/certs/ca.crt
After this, Windows is only willing to connect to the network if I turn off
the 'validate server certificate' option; otherwise I see this in
freeradius -x:
(other): SSL negotiation finished successfully
Sending Access-Challenge of id 0 to 1.6.2.2 port 1025
EAP-Message = 0x0105003119001403010001011603010020960dae4d1faf808344a25789565180ecb4664a0ccdb6ab5fcd2ea219a94cebd4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x47f1fe948dba326eb8338f16c90b62af
rad_recv: Access-Request packet from host 1.6.2.2:1025, id=0, length=165
User-Name = "valaki"
NAS-IP-Address = 152.66.244.224
Called-Station-Id = "0015f23d704d"
Calling-Station-Id = "000e35fe1dc2"
NAS-Identifier = "0015f23d704d"
NAS-Port = 33
Framed-MTU = 1400
State = 0x47f1fe948dba326eb8338f16c90b62af
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02050021198000000017150301001238d13ef4bbe10657ddd1eaf652c04f4184ca
Message-Authenticator = 0x60e57e913f165fc53a53502c5c85eef1
rlm_eap_tls: Length Included
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
Login incorrect: [valaki] (from client tmit.E port 33 cli 000e35fe1dc2)
What could be wrong?
I want to use EAP-MSCHAPv2 authentication inside PEAP. I have already seen all
of this working, with an apparently identical configuration, so I don't really
understand what I'm doing wrong.
Guy
--
Andras Korn <korn at chardonnay.math.bme.hu>
<http://chardonnay.math.bme.hu/~korn/> QOTD:
Crime doesn't pay? Does that mean my job is illegal?
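Two things a Windows supplicant checks before it accepts a RADIUS server certificate for PEAP are that the certificate chains to a CA in the client's trusted root store and that it carries the Extended Key Usage id-kp-serverAuth (OID 1.3.6.1.5.5.7.3.1); FreeRADIUS ships an xpextensions file that adds exactly that EKU to server certs because Windows insists on it. The script below is an added example, not code from the original post or from FreeRADIUS: it builds a throwaway CA and two server certs for the same key, one signed with the EKU and one without, and runs both checks with the openssl CLI. The file names (ca.crt, srv-eku.crt, srv-noeku.crt, xp.ext) and CN values are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Checks a RADIUS server cert the
# way a Windows PEAP supplicant does before trusting it:
#   1. it must chain to a CA the client trusts (the imported root CA),
#   2. it must carry extendedKeyUsage serverAuth (1.3.6.1.5.5.7.3.1),
#      the same EKU FreeRADIUS's xpextensions file sets for server certs.
# Needs the openssl CLI. All paths and names below are hypothetical.

# check_eap_server_cert CA_FILE CERT_FILE
# Prints "ok" and returns 0 when both checks pass; returns 1 on a chain
# failure and 2 on a missing EKU.
check_eap_server_cert() {
    ca="$1"
    cert="$2"
    # 1. chain check against the CA file the client has imported
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
        || { echo "chain: FAIL ($cert does not verify against $ca)"; return 1; }
    # 2. EKU check: "TLS Web Server Authentication" is how openssl prints serverAuth
    openssl x509 -in "$cert" -noout -text \
        | grep -q 'TLS Web Server Authentication' \
        || { echo "eku: FAIL ($cert lacks extendedKeyUsage serverAuth)"; return 2; }
    echo "ok"
}

# make_demo_pki DIR
# Builds a throwaway CA plus two server certs for one key: srv-eku.crt signed
# with extendedKeyUsage=serverAuth, srv-noeku.crt without. Constructed test
# data only; the CA config is minimal so the script does not depend on the
# system openssl.cnf.
make_demo_pki() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj /CN=DemoCA -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
        -subj /CN=radius.example.test \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" >/dev/null 2>&1
    # the one extension line the Windows client wants on a server cert
    printf 'extendedKeyUsage = serverAuth\n' > "$dir/xp.ext"
    openssl x509 -req -days 30 -in "$dir/srv.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/xp.ext" -out "$dir/srv-eku.crt" >/dev/null 2>&1
    openssl x509 -req -days 30 -in "$dir/srv.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv-noeku.crt" >/dev/null 2>&1
}

# Demo run: sh check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_demo_pki "$d"
    check_eap_server_cert "$d/ca.crt" "$d/srv-eku.crt"
    check_eap_server_cert "$d/ca.crt" "$d/srv-noeku.crt"
    rm -rf "$d"
fi
```

Against the certificates named in the post, the call would be `check_eap_server_cert ca.crt ize.crt`. The script only covers the two certificate-side problems that the client reports as a fatal TLS alert rather than as a visible error; which CA is ticked in the PEAP properties dialog on the Windows side is not something openssl can inspect.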