All of you that are having this problem - do you have a server certificate on your FreeRADIUS server that has the Microsoft specific OIDs and the CA for that certificate installed on the client ?
The built-in supplicant in XP will not validate that server certificate if it is missing that OID - as described in the EAP-TLS setup documentation. I'm assuming the same applies to PEAP as well.
HTH, Craig
Dudley Atkinson wrote:
The problem I experienced was with both the XP built-in client and the Cisco Aironet Utility. I haven't tried others. Maybe I will try the Secure2W.
-atkinson
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Øystein Gåsdal
Sent: Thursday, February 10, 2005 1:34 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: RE: PEAP and "fatal unknown_ca"
I too has experienced problems when I use the built in 802.1x client in WinXP. If I try other clients, like Secure2W, it works fine. My guess is that it is a bug in the built-in client.
- Oystein
-----Original Message-----
From: Dan Armstrong [mailto:[EMAIL PROTECTED] Sent: 10. februar 2005 02:51
To: [EMAIL PROTECTED]; freeradius-users@lists.freeradius.org
Subject: Re: PEAP and "fatal unknown_ca"
Hello,
I've just subscribed to the list, so pardon me if this was covered... we are using FreeRadius to authenticate PEAP over Cisco Aironets with Windows XP. We can only get it working if we tell XP to ignore the cert that comes from radius - ie uncheck that "Validate Server Certifiate" box. Mac OS-X seems to work fine..
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- / Craig Huckabee | e-mail: [EMAIL PROTECTED] / / Code 715-CH | phone: (843) 218 5653 / / SPAWAR Systems Center | close proximity: "Hey You!" / / Charleston, SC | ICBM: 32.78N, 79.93W /
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
