[RADIATOR] problem connecting with EAP-TLS

Heikki Vatiainen hvn at open.com.au
Fri Jan 9 04:38:53 CST 2015


On 8.1.2015 8.53, Sharma, Venkatesh IN BLR STS wrote:

> After I fixed it, I faced another problem (this time it is a Win 8 client). I noticed that the client was sending the wrong certificate (another certificate from the personal store) and authentication was failing due to that. It started working when I deleted all certificates and kept only the Radiator's sample client certificate.
>
> Am I missing something in my configuration? Why is the client system not able to select the right certificate when there are multiple certificates in the store?

I think the behaviour depends on the client configuration. Certificate 
request the server sends does include the DN (expected name) for the CA. 
You may want to check the Microsoft information about how the 
certificate selection is done by the client and see if and how the user 
interface options, for example "Use simple certificate selection", 
affect the certificate selection.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.


More information about the radiator mailing list