David, Artur, This problem appears to be caused by having the Server Authentication and Client Authentication properties set in the certificate. If you disable all extended certificate properties except the Client Authentication in the Client certificate on the XP machine the EAP authentication should work.
It worked for me via both Symbol and Orinoco APs with certificates that I generated with the OpenCA certificate authority. Cheers, Philip Blow Senior Technical Manager Simply Wireless [EMAIL PROTECTED] > hi David > > ok, it's good news then... if you followed exactly the steps, it should > work fine. > > to find the error, just put the same certificate which is available at > the server side on your XP machine and open it using the crypto > extensions (double-click). XP should say you what is missing. the most > probable error would be imho an expiration date. the second possible > would be the forgotten extension (as already said, both errors should > not be there if you followed exactly the script, but still, check it). > check the availability of the private key, check the certification path, > XP should know the signing CA (meaning that the cert is signed by the CA > whose certificate is installed under certification authorities). > > regards, > artur > > > David Baer wrote: > > The problem has been partially solved (or let's say: narrowed). > > Somehow the server's certificate is not accepted by the XP-supplicant. > > If the "Validate server certificate" check box is unchecked, the authentication > > succeeds. To leave the server's certificate unvalidated is not very desirbale though. > > I used the script by Ken Roser (http://www.freeradius.org/doc/EAPTLS.pdf) to generate > > the certificates. > > Any idea what I could have done wrong with the server's certificate? > > david - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
