windows7 machine authentication
Sallee, Stephen (Jake)
Jake.Sallee at umhb.edu
Tue Aug 24 16:48:39 CEST 2010
> I dont use certificates neither on the server and neither on the
> I read in teh internet that also windows7 should work without
certificates - is that true ?
Strictly speaking this is actually true, However! You need to understand
what is happening:
1) Win7 will not connect to a wireless network that is secured with a
certificate enabled protocol without some prior configuration, period.
This means that is you set up an AP using 802.1x with FreeRADIUS
(or any server) as your AAA server your windows 7 (and Vista AFAIK) WILL
Authenticate successfully unless you specifically configure the
client to do so. Gone are the days of click through protected WiFi
setups in Windows.
I have purchased a cert from thawte hoping that my clients will
trust it and allow the connection without manually touching each machine
but alas, no.
2) once correctly configured (depending on the auth protocol you are
using) the client will accept the server's cert (the reason the auth is
failing now) and
send back its own cert for the server to inspect (if needed by
So, you ARE using certs. Did you install them, no. Is that a problem,
yes. When working with certs you should ALWAYS know them inside and
out, they are your
digital identity, and they do incur some legal implications.
If you need assistance configuring the windows clients to accept the
cert the server is sending, meet me on the IRC channel. That is really
not a discussion for the list. ; )
Godfather Of Bandwidth
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.o
rg] On Behalf Of alois blasbichler
Sent: Tuesday, August 24, 2010 9:20 AM
To: freeradius-users at lists.freeradius.org
Subject: windows7 machine authentication
We use freeradius with opendlap and machine-authentification
(samba-pcs) for years with success.
Windows xp and vista clients works fine.
Now i wanted to authenticate a Windows 7 laptop and i get the following
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 12 length 19 [eap] No EAP Start,
assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS
TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert
TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation [peap] eaptls_process
I dont use certificates neither on the server and neither on the client
I read in teh internet that also windows7 should work without
certificates - is that true ?
Wath can bee the problem ?
Do you need more debug-output ?
Thank you and by
List info/subscribe/unsubscribe? See
More information about the Freeradius-Users