I saw that but wasn't sure if it was a general problem or a FreeRadius specific problem. Has anyone else had to obtain a "special" certificate to make Windows WPA work? I have a feeling I'm going to get a blank stare if I ask for that ;)

-Mike

On 04/02/2010 12:12 PM, Bruce Hudson wrote:
Slightly off topic, but I'm trying to configure FreeRadius V2 to work
with the Cisco Wireless Lan Controllers using WPA2. I'm running into
trouble with Windows clients. If I configure them NOT to verify the
certificate from the Radius Server, it connects. As soon as I configure
the "Verify Certificate" option, it fails. The Diagnostic seems to
indicate that it doesn't trust the certificate from the Radius Server,
which is a CA signed Verisign cert. A Mac client presents the
certificate on login, and I can either accept it or not. Windows isn't
doing that, it just fails.

     The README file in FreeRadius certs directory includes the following
statement:

            The Microsoft "XP Extensions" will be automatically
        included in the server certificate.  Without those
        extensions Windows clients will refuse to authenticate
        to FreeRADIUS.

I would guess that the certificate you got from Verisign does not include
the extensions. If you figure out how to get them, please let me know.
Dealing through our local certificate maintainer, I never could get an
answer (or clear indication they knew what I was asking for).
--
Bruce A. Hudson                         | [email protected]
ITS, Networks and Systems               |
Dalhousie University                    |
Halifax, Nova Scotia, Canada            | (902) 494-3405

<<attachment: mike_diggins.vcf>>

Reply via email to