Re: [RADIATOR] question about machine based authentication

2011-12-09 Thread Joy Veronneau
Ok, that's what I was looking for! putting DEFAULT in the file yields the desired behavior. Thanks! Joy On 12/8/11 5:47 PM, "Heikki Vatiainen" wrote: >On 12/09/2011 12:31 AM, Joy Veronneau wrote: >> Hmm, but EAPTLS_NoCheckId also doesn't check that the cert name matches >> the computer name. S

Re: [RADIATOR] question about machine based authentication

2011-12-08 Thread Heikki Vatiainen
On 12/09/2011 12:31 AM, Joy Veronneau wrote: > Hmm, but EAPTLS_NoCheckId also doesn't check that the cert name matches > the computer name. Seems like I would want the cert name checked? > Is there a way I can still check the cert name? In this case you could try not enabling EAPTLS_NoCheckId and

Re: [RADIATOR] question about machine based authentication

2011-12-08 Thread Joy Veronneau
Hmm, but EAPTLS_NoCheckId also doesn't check that the cert name matches the computer name. Seems like I would want the cert name checked? Is there a way I can still check the cert name? Sorry to have so many questions... Thanks, Joy On 12/8/11 5:26 PM, "Heikki Vatiainen" wrote: >On 12/09/2011 12

Re: [RADIATOR] question about machine based authentication

2011-12-08 Thread Heikki Vatiainen
On 12/09/2011 12:15 AM, Joy Veronneau wrote: > But if I do that, I will still have to have the names of the machines in > the tls_anon file, wouldn't I? Good point, I overlooked that part. Please see ref.pdf section "5.20.46 EAPTLS_NoCheckId". You can turn off the name check. Thanks! Heikki > T

Re: [RADIATOR] question about machine based authentication

2011-12-08 Thread Joy Veronneau
But if I do that, I will still have to have the names of the machines in the tls_anon file, wouldn't I? Thanks, Joy On 12/8/11 5:07 PM, "Heikki Vatiainen" wrote: >On 12/07/2011 11:42 PM, Joy Veronneau wrote: > >Hello Joy, > >> I am still working on my machine based authentication config. >> >

Re: [RADIATOR] question about machine based authentication

2011-12-08 Thread Heikki Vatiainen
On 12/07/2011 11:42 PM, Joy Veronneau wrote: Hello Joy, > I am still working on my machine based authentication config. > > Config1 (below) works fine but requires that the names of the machines be > listed in the file tls_anon. Try with something like this: AuthByPolicy ContinueWhileAccept

Re: [RADIATOR] question about machine based authentication

2011-12-07 Thread Joy Veronneau
Hi, I am still working on my machine based authentication config. Config1 (below) works fine but requires that the names of the machines be listed in the file tls_anon. I need to modify this config so that I do not need to maintain a list of host names on the radiator server and so that I can ex

Re: [RADIATOR] question about machine based authentication

2011-11-19 Thread Heikki Vatiainen
On 11/19/2011 12:18 AM, Joy Veronneau wrote: > I think I need some more help with my config. It is working ok for my > machine cert based authentication, but only if I put the name of the > machine in a file on the radius server. Here is my config snippet: You could experiment using . Instead of

Re: [RADIATOR] question about machine based authentication

2011-11-18 Thread Joy Veronneau
Hi, I think I need some more help with my config. It is working ok for my machine cert based authentication, but only if I put the name of the machine in a file on the radius server. Here is my config snippet: Identifier TLS Filename %D/tls_anon EAPType TLS EAPTLS_CAFile /app/radius/keys/ADRoot

Re: [RADIATOR] question about machine based authentication

2011-11-15 Thread Heikki Vatiainen
On 11/15/2011 07:43 PM, Joy Veronneau wrote: > I've made some progress on this. The windows 7 machine is now contacting > the radius server, but its username starts with "host/" and radiator > doesn't seem to like that. Should the machine be sending some sort of > different username? I don't think

Re: [RADIATOR] question about machine based authentication

2011-11-15 Thread Joy Veronneau
Hi, I've made some progress on this. The windows 7 machine is now contacting the radius server, but its username starts with "host/" and radiator doesn't seem to like that. Should the machine be sending some sort of different username? I don't think I can get the request to the correct handler

Re: [RADIATOR] question about machine based authentication

2011-11-10 Thread Heikki Vatiainen
On 11/09/2011 09:46 PM, Joy Veronneau wrote: > Is it possible for the radiator server to do machine-based > authentication (via certificate) to an Active Directory domain? You may want to check if they really mean certificates, since machine based authentication can work with PEAP/EAP-MSCHAP-V2 t