Craig White wrote: > OK - that quiets the notification but I still can't figure out the issue > where I can authenticate RRAS, Macintosh and iPod clients against radius > via LDAP using mschapv2 but even with the certificates on Windows XP > clients, with the 'xpextensions' they always try to authenticate as > 'uid=anonymous' and never ask me for name/password credentials to supply > for authentication.
Then the supplicant is misconfigured. > While I probably would agree that the certificates should be enough and > not need the user/password authentication, I can't figure out how to > tell radiusd to accept those with the certificates. No. PEAP does MS-CHAP for username/passwd authentication. If you want authentication via client certs, use TLS. > Either way I would be happy...getting windows clients to provide > username/password or getting radius to accept a client with the > certificate. There's something else in your windows configuration that is making it *not* ask you for the username/password. Maybe it's cached in the registry. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html