Jürgen Stader wrote: > OK, once again; i have cloned a radius-server vm, the new radius-server > has a new DNS-Entry, IP and a new certificate.
Well, that's likely the problem. Have you tried using the *working* certificate in the new machine? > The wlan-ssid is > different from that one wich is used by the original radius. I see. You've changed a number of things at the same time, and are trying to understand why it isn't working. That isn't good practice. > I checked both certificates, they match the requirements given by > microsoft. The certificates are both singed by same CA, with same O,OU, > hash-algorithm, key strength... CN is logically different and is set to > host and dns name (are the same) from the new radius, like: > CN=new-radius.mydomain.mycountry The certificates are checked before the supplicant is on the network. Hostname and DNS names are irrelevant. > The complete certification path is installed on the client. The client > don't have an extra client certificate, server certificate check is > turned off in wireless settings. > A cisco wireless controller is used for both SSIDs. > > Original radius works fine, with both SSIDs, new radius does not. > So what's wrong? The debug log points you a page on the Wiki. The Wiki contains complete instructions for debugging it both on the server side, and on the supplicant side. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html