Hi, > I chose to start with this article as it was one of the most recent > tutorials I could find on the topic of FreeRADIUS and EAP TLS.
strange. the EAP-TLS HOWTO seems uite straight forward. everything else is a rewrite of this guide. > if you like. You may be tempted to press Enter instead, especially > given that the WPA supplicant in Windows XP works only when you store > its certificates without a passphrases..." I've tried generate the interesting. we've used pass phrases...stops people just copying the certificate onto any unknown machine. > client p12 file both ways and reimporting to XP's Personal > Certificates to no avail. Is that pkcs12 passphrase assertion still > true for XP supplicant? Either way, with or without, I can't get > this to work, so that must not be the issue. did you use the extra XP SSL additions as per the EAP-TLS HOWTO? > I have also tried un-checking the "Validate Server Certificate" in > the 802.1x settings of XP for that Access Point. I get the same > error, so the error seems to indicate an issue with not being able to > deal with the client side cert? > > I've imported both the cacert.pem into my Trusted Root Certs in XP > and the client_cert.p12 into "Personal->Certificates". There were > no steps indicated I needed to import server cert on the XP side > (which doesn't make sense anyway...just noting here that for > diagnostic purposes.) > > Any help towards solving this issue would be very much appreciated. > > Now for the debug log: > > TLS Alert write:fatal:unknown CA > TLS_accept:error in SSLv3 read client certificate B though this seems to suggest that your FreeRADIUS doesnt know much about this certificate. I'd check the eap.conf file alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html