wpa/winxp/peap, hostapd+madwifi - no response to EAP Identity?

Bryan Kadzban bryan at kadzban.is-a-geek.net
Mon Jan 2 15:30:49 EST 2006


Rusty Chris Holleman wrote:
> I now get stuck at messages from SSL that appear to be saying the 
> client does not like the certificate.  I'm going to research this
> some, but if anyone knows the particular cause of this kind of error
> do tell.

First guess:  Make sure the issuer of the cert that your RADIUS server
is using is signed by a CA that the client trusts.  (It has to be in the
"trusted root CA" store in the certs MMC.  You have to create this MMC;
instructions are somewhere in [1].)

If so, then the XP supplicant can be configured to only connect to a
server cert that's been signed by a subset of the trusted root CAs --
the setting is called "validate server certficate", and it's under the
PEAP properties.  It's turned on by default, so you have to check the
root CA that signed your server's cert.  Maybe your supplicant has a
similar setting?

[1] http://www.freeradius.org/doc/EAPTLS.pdf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060102/51be6d86/attachment.pgp 


More information about the HostAP mailing list