CLEANACCESS Archives

February 2010

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Mike Diggins <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Thu, 4 Feb 2010 13:25:07 -0500
Content-Type: multipart/mixed
Parts/Attachments: text/plain (3091 bytes), mike_diggins.vcf (314 bytes)

Thanks. One other thing I didn't understand is if the certificate had to 
be for the radius server host itself (i.e. certificate name matches the 
radius server name), or can I use the same certificate on both my radius 
servers? Right now I'm experimenting with a certificate that is from a 
different server. In my Windows settings I select the validate 
certificate option, type in the common name from the certificate into 
the "Connect to these servers" field, then select the Trusted Root 
Certification Authority that matches the cert. That isn't working though.

-Mike


On 04/02/2010 1:06 PM, Mark Duling wrote:
> Mike,
>
> The problem is a general problem and not unique to FreeRadius.  We had the
> same problem for Windows (and not with Mac) with another radius vendor
> (radiator) but we were able to work around it easily because we use an
> installation wizard called XpressConnect from Cloudpath that automates
> making wireless settings.  What you need to do is check the "validate server
> certificate" box in the win wireless setup and then in the "Connect to these
> servers" check box immediately below enter in the radius hostname.
>
> I had done some research at the time and satisfied myself that there wasn't
> anything else I could do, but I can't remember all the details now and I
> don't recall hearing about "XP Extensions" for certs at the time FWIW.
>
> Mark
>
>
>
> On 2/4/10 9:26 AM, "Mike Diggins"<[log in to unmask]>  wrote:
>
>> I saw that but wasn't sure if it was a general problem or a FreeRadius
>> specific problem. Has anyone else had to obtain a "special" certificate
>> to make Windows WPA work? I have a feeling I'm going to get a blank
>> stare if I ask for that ;)
>>
>> -Mike
>>
>> On 04/02/2010 12:12 PM, Bruce Hudson wrote:
>>>> Slightly off topic, but I'm trying to configure FreeRadius V2 to work
>>>> with the Cisco Wireless Lan Controllers using WPA2. I'm running into
>>>> trouble with Windows clients. If I configure them NOT to verify the
>>>> certificate from the Radius Server, it connects. As soon as I configure
>>>> the "Verify Certificate" option, it fails. The Diagnostic seems to
>>>> indicate that it doesn't trust the certificate from the Radius Server,
>>>> which is a CA signed Verisign cert. A Mac client presents the
>>>> certificate on login, and I can either accept it or not. Windows isn't
>>>> doing that, it just fails.
>>>
>>>       The README file in FreeRadius certs directory includes the following
>>> statement:
>>>
>>>     The Microsoft "XP Extensions" will be automatically
>>>     included in the server certificate.  Without those
>>>     extensions Windows clients will refuse to authenticate
>>>     to FreeRADIUS.
>>>
>>> I would guess that the certificate you got from Verisign does not include
>>> the extensions. If you figure out how to get them, please let me know.
>>> Dealing through our local certificate maintainer, I never could get an
>>> answer (or clear indication they knew what I was asking for).
>>> --
>>> Bruce A. Hudson    | [log in to unmask]
>>> ITS, Networks and Systems  |
>>> Dalhousie University   |
>>> Halifax, Nova Scotia, Canada  | (902) 494-3405
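
A check for the two points raised in this thread, added here as an example and not part of any poster's message: whether a server certificate carries the serverAuth Extended Key Usage (OID 1.3.6.1.5.5.7.3.1, the value the FreeRADIUS `xpextensions` file sets for server certificates), and what its subject CN is. The function names, hostnames and throwaway self-signed certificates are constructed for the demo, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: inspect a RADIUS server certificate for the serverAuth
# Extended Key Usage (OID 1.3.6.1.5.5.7.3.1) and print its subject CN.

# has_server_auth_eku CERT.pem -> exit status 0 if the EKU is present
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Server Authentication'
}

# cert_subject_cn CERT.pem -> prints the subject common name
cert_subject_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# make_test_cert DIR NAME CN yes|no -> throwaway self-signed DIR/NAME.pem
# (constructed test input only; "yes" adds the serverAuth EKU)
make_test_cert() {
    {
        printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ext\n'
        printf '[dn]\nCN=%s\n[ext]\nbasicConstraints=CA:FALSE\n' "$3"
        if [ "$4" = yes ]; then
            printf 'extendedKeyUsage=1.3.6.1.5.5.7.3.1\n'
        fi
    } > "$1/$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# report CERT.pem -> one summary line per certificate
report() {
    if has_server_auth_eku "$1"; then eku=present; else eku=MISSING; fi
    printf '%s: CN=%s serverAuth-EKU=%s\n' "$1" "$(cert_subject_cn "$1")" "$eku"
}

# Demo on two constructed certificates (hostnames are made up).
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir" with_eku radius1.example.edu yes
make_test_cert "$demo_dir" no_eku radius2.example.edu no
report "$demo_dir/with_eku.pem"
report "$demo_dir/no_eku.pem"
rm -rf "$demo_dir"
```

To inspect a real certificate, call `report /path/to/server.pem`; the printed CN is the value to compare against what was typed into the "Connect to these servers" field.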

