I've set up latest version of FreeRadius from source on Ubuntu, and I cannot get EAP-TLS and PEAP to work when the option "Validate server certificate" is on. We're using Windows CA to be able to auth users on the domain. I saw this old article http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-October/msg00515.html on how to generate server certificate, but that fails for me in both ways 1st fails because of a missing template on Windows CA - how to create the template to match what freeradius needs? 2nd fails with the following error CA certificate and CA private key do not match 2634:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:406: That's strange, cause CA cert and CA private key are in the same file (as noted in the text) and I didn't mistake the password (since I followed the message blindly, with the same password).
When I untick the "Validate server certificate" in Windows clients (XP, Windows 7) I'm able to connect with both EAP-TLS and PEAP Any help is appreciated, thanks in advance.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html