Sallee, Stephen (Jake) wrote: > I have a working FreeRADIUS server that will authenticate linux clients > happily, however my windows clients are unable to authenticate. Here is .. > [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca > TLS Alert read:fatal:unknown CA > TLS_accept:failed in SSLv3 read client certificate A
The supplicant is sending a certificate that the server doesn't recognize. > As you can see the problem seems to lie in the TLS section, but I have > followed all the HOWTOs I can find on installing and configuring the > server cert. but to no avail. How do I tell the FreeRADIUS box to > trust its own certificate? The cert was generated and signed on the > FreeRADIUS box. It's not a problem with FreeRADIUS. It's a problem with the supplicant. (i.e. Windows box) > Also as a side note, the linux users are able to authenticate by typing > in domain\username, but doing this on a windows box shows very strange > things in the radius log, and fails to authenticate. Is there a way to > make both operating systems behave the same? Otherwise my windows > clients must use the usern...@domain convention, once I get that working What "strange things" show up in the log? Is it a secret? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html