QUESTION: How to do a COMPUTER NAME (not user name) 802.1x (RADIUS) authentication with wpa_supplicant in Ubuntu 12.04?
McArthor Lee
macarthorzhuce
Tue Apr 2 23:53:43 PDT 2013
any one who can help? any clues are appreciated.
further information:
I've make a machine certificate by "Computer" and "Workstation Authentication" certificate templates on DC CA, but it does not work: the error in NPS event log is also "credential mismatch". The two templates do client and/or server authentication.
?2013/03/29? "McArthor Lee" <macarthorzhuce at 126.com> ???
Hi Jouni,
Yes, I think the problem may lie in the certificate.
I made the certificate by the steps stated in my first email. The "identity" field of wpa_supplicant.conf is computer name "host/ubuntu.nps.test", while the certificate only contains information about the "testadmin" user. The information sent to NPS server is mismatch, I think, but I don't know what's the correct thing to do a computer name authentication.
At 2013-03-29 15:19:28,"Jouni Malinen" <j at w1.fi> wrote:
>On Fri, Mar 29, 2013 at 09:30:36AM +0800, McArthor Lee wrote:
>> I'm not using NM to configure 802.1x. I'm configuring 802.1x with wpa_supplicant directly. And I'm trying to do a computer name authentication. I wonder if wpa_supplicant supports such authentication, and how to do it.
>
>In most cases, I'd expect this to be just a configuration question,
>i.e., to set the identity and certificate parameters that the server
>side expects. I'm not sure what the exact NPS requirements here are, so
>it is a bit difficult to comment on what could be missing or incorrect.
>Anyway, the reason for denying authentication was "Authentication failed
>due to a user credentials mismatch. Either the user name provided does
>not map to an existing user account or the password was incorrect."
>which does not more like something being different in identities rather
>than something missing from implementation.
>
>--
>Jouni Malinen PGP id EFC895FA
>_______________________________________________
>HostAP mailing list
>HostAP at lists.shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20130403/d527ca57/attachment.htm>
More information about the Hostap
mailing list