[RADIATOR] problem connecting with EAP-TLS
Heikki Vatiainen
hvn at open.com.au
Fri Jan 9 04:38:53 CST 2015
On 8.1.2015 8.53, Sharma, Venkatesh IN BLR STS wrote:
> After I fixed it, I faced another problem (this time it is a Win 8 client). I noticed that the client was sending the wrong certificate (another certificate from the personal store) and authentication was failing due to that. It started working when I deleted all certificates and kept only the Radiator's sample client certificate.
>
> Am I missing something in my configuration? Why is the client system not able to select the right certificate when there are multiple certificates in the store?
I think the behaviour depends on the client configuration. Certificate
request the server sends does include the DN (expected name) for the CA.
You may want to check the Microsoft information about how the
certificate selection is done by the client and see if and how the user
interface options, for example "Use simple certificate selection",
affect the certificate selection.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list