EARUN
2008-04-15 13:59:01 UTC
Hello,
I've installed IAS in an AD2003 infrastructure for wired/wireless 802.1X.
Logging in with PEAP/MSCHAPv2 works well - OK (with CA certificate check).
EAP-TLS doesn't.
I've renewed the user certificate, checked the type (client auth)... everything seems
to be fine but I get "fired" by IAS.
The IAS TLS logs (RASTLS.log) seem to be telling me that the certificate used is
the wrong one... but I've been checking that too, and don't see anything
wrong... What do I miss?
Hereunder some logs:
[560] 16:52:19:309: EapTlsMakeMessage(caille1\nacuser2)
[560] 16:52:19:309: >> Received Response (Code: 2) packet: Id: 7, Length: 198, Type: 13, TLS blob length: 0. Flags:
[560] 16:52:19:309: EapTlsSMakeMessage
[560] 16:52:19:309: MakeReplyMessage
[560] 16:52:19:309: SecurityContextFunction
[560] 16:52:19:543: AcceptSecurityContext returned 0x0
[560] 16:52:19:543: AuthenticateUser
[560] 16:52:19:543: FGetEKUUsage
[560] 16:52:19:543: FCheckPolicy
[560] 16:52:19:543: CertVerifyCertificateChainPolicy succeeded but policy check failed 0x800b0112.
[560] 16:52:19:543: FCheckPolicy done.
[560] 16:52:19:543: The user's cert does not have correct usage.
[560] 16:52:19:543: MakeAlert(49, Manual)
[560] 16:52:19:543: State change to SentFinished. Error: 0x800b0112
[560] 16:52:19:543: BuildPacket
[560] 16:52:19:543: << Sending Request (Code: 1) packet: Id: 8, Length: 17, Type: 13, TLS blob length: 7. Flags: L
It'll be great if you give me any tips!!
Best regards
Eric
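
Added example, not part of the original post: a short Python parser for RASTLS.log trace lines like the ones above that pairs each failure HRESULT with the identity from EapTlsMakeMessage and names it from winerror.h, where 0x800b0112 is CERT_E_UNTRUSTEDCA (a CA in the chain is not trusted by the policy provider) rather than CERT_E_WRONG_USAGE (0x800b0110). The function name find_failures and the embedded sample, which reuses lines from the post with wraps rejoined, are choices made for this example.

```python
import re

# HRESULT names from winerror.h for certificate trust failures.
CERT_HRESULTS = {
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0x800B010C: "CERT_E_REVOKED",
    0x800B010E: "CERT_E_REVOCATION_FAILURE",
    0x800B0110: "CERT_E_WRONG_USAGE",
    0x800B0112: "CERT_E_UNTRUSTEDCA",
}

# Trace lines taken from the post above, with wrapped lines rejoined.
SAMPLE = r"""
[560] 16:52:19:309: EapTlsMakeMessage(caille1\nacuser2)
[560] 16:52:19:543: AcceptSecurityContext returned 0x0
[560] 16:52:19:543: FCheckPolicy
[560] 16:52:19:543: CertVerifyCertificateChainPolicy succeeded but policy check failed 0x800b0112.
[560] 16:52:19:543: The user's cert does not have correct usage.
[560] 16:52:19:543: State change to SentFinished. Error: 0x800b0112
"""

LINE = re.compile(r"^\[(\d+)\] (\d\d:\d\d:\d\d:\d\d\d): (.*)$")
USER = re.compile(r"^EapTlsMakeMessage\((.+)\)$")
HEX = re.compile(r"0x([0-9a-fA-F]+)")

def find_failures(text):
    """Return one record per distinct failure HRESULT in each EAP-TLS call."""
    user, seen, out = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or continuation of a wrapped line
        tid, ts, msg = m.groups()
        u = USER.match(msg)
        if u:  # a new call on this thread: remember who it is for
            user[tid], seen[tid] = u.group(1), set()
            continue
        for h in HEX.findall(msg):
            code = int(h, 16)
            # Failure HRESULTs have the severity bit (bit 31) set; 0x0 is success.
            if code & 0x80000000 and code not in seen.setdefault(tid, set()):
                seen[tid].add(code)
                out.append({"thread": tid, "time": ts, "user": user.get(tid),
                            "hresult": f"0x{code:08X}",
                            "name": CERT_HRESULTS.get(code, "unknown")})
    return out

if __name__ == "__main__":
    for rec in find_failures(SAMPLE):
        print(rec)
```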