This incorrect password issue was solved once the proper server certificate was used by FreeRADIUS' EAP.conf file. Thanks for all you help! Marc Solution to get correct cert to work with Windows XP SP2 supplicant:
1) From Linux box: >openssl genrsa -des3 -out server1.key 2048 You will be prompted for password, this server1.key and the password assigned are used in "eap.conf" file. >openssl req -new -key server1.key -out server1.csr 2) Get "server1.csr" to a Windows workstation that will reach the Microsoft 2003 CA. Easiest way might be to use FTP. The URL to our CA is: http://10.10.10.10/certsrv 3) On Web access to CA: - click "Request a Certificate" - click "Advanced certificate request" - click "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file." - click "Browse for a file to insert." and browse to "ohisles1.csr" then click "READ" button. - select "Web Server" for certificate template and click "Submit" - keep "DER encoded" selected then click "Download certificate", save file as server1.cer 4) Get this file "server1.cer" back to Linux server with FTP 5) Issue OpenSSL command >openssl x509 -inform DER -in ohisles1.cer -out ohisles1.pem - update "eap.conf" to point to this server certificate. 6) Use same OPENSSL command on the CER file of the root certificate from the Microsoft CA to convert it to PEM format. Use this root certificate, we named it "root.pem" and point to it in the "eap.conf" 7) FreeRADISU with: >RADIUSD -X 8) Windows XP supplicant should work fine.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html