>I was incorrect about us doing EAP-TLS. We're doing EAP-PEAP, which does >not require a client certificate. My understanding however is that for >passing of the server certificate to validate our server to the clients >the options with the tls subsection of the eap.conf file are still used. >
For that you need to export just the intermediate certificate used to sign the server certificate onto the clients. They should have the root one already. Import intermediate certificate (.der or .crt version) onto a client. Copy server.crt onto the client desktop and see if Windows recongnized the chain. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
