>> There might be a slight miscommunication here these are two separate >> boxes. Our production box is 1.1.7 and this new box 2.0.5 > > That's nice. > > Do the clients have the certificate for the CA that signed the server certificate? It seems not.
The clients have the certificate for the CA, same CA being used for the 1.1.7 >> I have created the certificates using your scripts or openssl and have >> had them signed by our Windows CA. The appropriate OID's are there >> according to the certificate authority. > > That's nice. I asked if you were using the *same* certificates. It seems not. I copied the exact same certificates (private, certificate_file and cacert) from production to the new box with no change I will do some more reading of what I can find then if no success I guess give up. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html