QUESTION: How to do a COMPUTER NAME (not user name) 802.1x (RADIUS) authentication with wpa_supplicant in Ubuntu 12.04?
macarthorzhuce at 126.com
Wed Apr 3 02:53:43 EDT 2013
any one who can help? any clues are appreciated.
I've make a machine certificate by "Computer" and "Workstation Authentication" certificate templates on DC CA, but it does not work: the error in NPS event log is also "credential mismatch". The two templates do client and/or server authentication.
在2013/03/29， "McArthor Lee" <macarthorzhuce at 126.com> 写道：
Yes, I think the problem may lie in the certificate.
I made the certificate by the steps stated in my first email. The "identity" field of wpa_supplicant.conf is computer name "host/ubuntu.nps.test", while the certificate only contains information about the "testadmin" user. The information sent to NPS server is mismatch, I think, but I don't know what's the correct thing to do a computer name authentication.
At 2013-03-29 15:19:28,"Jouni Malinen" <j at w1.fi> wrote:
>On Fri, Mar 29, 2013 at 09:30:36AM +0800, McArthor Lee wrote:
>> I'm not using NM to configure 802.1x. I'm configuring 802.1x with wpa_supplicant directly. And I'm trying to do a computer name authentication. I wonder if wpa_supplicant supports such authentication, and how to do it.
>In most cases, I'd expect this to be just a configuration question,
>i.e., to set the identity and certificate parameters that the server
>side expects. I'm not sure what the exact NPS requirements here are, so
>it is a bit difficult to comment on what could be missing or incorrect.
>Anyway, the reason for denying authentication was "Authentication failed
>due to a user credentials mismatch. Either the user name provided does
>not map to an existing user account or the password was incorrect."
>which does not more like something being different in identities rather
>than something missing from implementation.
>Jouni Malinen PGP id EFC895FA
>HostAP mailing list
>HostAP at lists.shmoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the HostAP