Dotaz: WPA cez EAP-TLS cez freeradius

Ahoj, nakonfiguroval som na klientovi wpa_suplikant ktory sa autorizuje pomocou EAP-TLS cez wifi AP oproti freeradius serveru. Autorizacia prebehne bez problemov pomocou klientskeho cetifikatu vygenerovaneho mojou cert. autoritou pod linuxom. Takze linuxova klienti sa dostanu do siete bez problemov.

Problem je ale s autorizaciou winXP(SP2) voci radius servru pouziva sa ten isty klientsky certifikat + cerifikat certifikacnej autority. Pouzivam samozrejme tu istu kartu ako v linuxe. Pokusam sa to vyriesit uz dva dni a neviem s tym pohnut.A presvedcit vsetkych aby presli na linux sa mi asi nepodari :(( Nestretli sa s podobnym problemom. V konferencii na freeradiuse som problem nasiel ale bohuzial nikto nan neodpovedal (:

WinXP (SP2) wifi karta Asus WL-107g s ovladacmi od vyrobcu naimportovany certifikat pre klienta v formate pkcs12 + certifikat mojej cert. autority Konfiguracia radiusu:

konfig. subor -> eap.conf (sekcia tls)

tls {
private_key_password = rad0xrad
private_key_file = ${raddbdir}/certs/radius-key.pem
certificate_file = ${raddbdir}/certs/cert-radius.pem
CA_path = /etc/raddb/certs
CA_file = ${raddbdir}/certs/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes #check_crl = yes
check_cert_cn = %{User-Name}
}

konfigur. subor -> users

Janko Hrasko Auth-Type := EAP

Pokial bezi radius server v debug mode dostanem pri aurizacii s winXP tuto sekvenciu:

Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal certificate_unknown
TLS Alert read:fatal:certificate unknown
TLS_accept:failed in SSLv3 read client certificate A
14310:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46
14310:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 9
modcall: group authenticate returns reject for request 9 auth: Failed to validate the user.

Dakujem za nakopnutie.
Matus