Hi Damian, I have configured freeradius for PEAP/MSCHAPv2 authentication, no client certificates, with a WinXP supplicant. When i created the certificates i studied these guides : http://www.linuxjournal.com/article/8095 , http://www.linuxjournal.com/article/8151.
I copied the server certificate to the radius server as the guide said , and some other files like dh , random. I did not make client certificates. In PEAP/MSCHAPv2 authentication client certificates are not necessary. On Thu, 2007-03-22 at 15:30 -0700, Damian Davalos wrote: > Hello, > > I have a question I can't seem to answer with the mail archives or > documentation. > > Let me begin by explaining what I'm trying to do: > > - PEAP/MSCHAPv2 authentication, no client certificates, with a WinXP > supplicant. > - The server certificate is self-signed. > > >From the FAQ, I have: > > - Installed the hot fix from MS KB 885453 > - Included the required OID 1.3.6.1.5.5.7.3.1 in the server certificate > - Followed MS requirements for server certificates in KB 814394 > > The only way I can get this setup to work, is if I import my root > certificate onto my > client machine. Otherwise, I get the typical Access-Request and > Access-Challenge back > and forth. > > My question: Is importing the root certificate onto your client necessary > when self-signing > your own server certificate? > > If not, then I guess I'm still doing something wrong, but I would like to > make sure before I > continue to troubleshoot. > > Any help is greatly appreciated. > > Regards, > > Damian Davalos > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___________________________________________________________ Inbox full of spam? Get leading spam protection and 1GB storage with All New Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html