Walter Gould wrote: > Sorry to bother you guys again - I created new SSL certificates per > your above instructions... After the certs were created, I then: > > 1. copied them to the /etc/raddb/certs directory > 2. updated /etc/raddb/eap.conf with the certificate names & private key > password > 3. copied and installed the new certificate (server.pem) onto my XP > laptop and > 4. started radiusd in debug mode, below is the output > > It is acting as you describe in the FAQ -
You didn't add the root certificate to the XP machine. See the EAP-TLS "howto's" on the web site. > So, I am wondering will I need to install the hotfix as listed in the > FAQ - and, will this have to be done on ALL Windows machines? I am > thinking that I still do not have something configured right on my > side. If I uncheck the "validate server certs" box on the XP client, I > can connect and authenticate successfully. Yup. "Ignore that we have no idea where this certificate came from, and do PEAP anyways". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html