On Sun, 2008-11-23 at 00:24 +0100, [EMAIL PROTECTED] wrote: > >I don't understand the message about unknown_ca in the log below either > >because I am acting as my own CA and this same cacert.pem seems to be > >happy on the Windows system I imported it on and I've been using it for > >a bunch of other daemons. > > > > It probably wants cacert.der. ---- OK - that quiets the notification but I still can't figure out the issue where I can authenticate RRAS, Macintosh and iPod clients against radius via LDAP using mschapv2 but even with the certificates on Windows XP clients, with the 'xpextensions' they always try to authenticate as 'uid=anonymous' and never ask me for name/password credentials to supply for authentication.
Thus since my Default Auth Type = LDAP (in users), these clients always fail authentication. While I probably would agree that the certificates should be enough and not need the user/password authentication, I can't figure out how to tell radiusd to accept those with the certificates. Either way I would be happy...getting windows clients to provide username/password or getting radius to accept a client with the certificate. Craig - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html