>>So, check EAP settings on your windows machine - have you cleared server certificate validation box? yes I tried with such settings, after that my freeradius -X logs:
rad_recv: Access-Request packet from host 192.168.5.206 port 1812, id=245, length=147 NAS-IP-Address = 192.168.5.206 NAS-Port = 50046 NAS-Port-Type = Ethernet User-Name = "user_certificate" Called-Station-Id = "00-0C-30-81-9B-EE" Calling-Station-Id = "00-0A-E4-13-1A-02" Service-Type = Framed-User Framed-MTU = 1500 EAP-Message = 0x0201001501757365725f6365727469666963617465 Message-Authenticator = 0x2329ec2c85dc1d283a985e213260a2c4 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "user_certificate", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 21 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 245 to 192.168.5.206 port 1812 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7895d3087897cab912734ed23163fd96 Finished request 1. Going to the next request Waking up in 4.9 seconds. Cleaning up request 1 ID 245 with timestamp +137 Ready to process requests. On Wed, May 20, 2009 at 10:24 PM, Ivan Kalik <t...@kalik.net> wrote: > >> Check connection settings on Windows machine. > >> > >> Ivan Kalik > >> Kalik Informatika ISP > > I am using a standard settings of eap.conf > > when I change eap.conf to: > > # default_eap_type = md5 > > default_eap_type = peap > > > > That's not Windows machine - that's on your radius server. Changing that > is cosmetic - it won't do anything substantial. > > http://deployingradius.com/ > > Have you read this? You are trying to do step 4 without sorting out step > 2. So, check EAP settings on your windows machine - have you cleared > server certificate validation box? > > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html