I've set up latest version of FreeRadius from source on Ubuntu, and I cannot
get EAP-TLS and PEAP to work when the option "Validate server certificate"
is on. We're using Windows CA to be able to auth users on the domain. I saw
this old article
http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-October/msg00515.html
on
how to generate server certificate, but that fails for me in both ways
1st fails because of a missing template on Windows CA - how to create the
template to match what freeradius needs?
2nd fails with the following error CA certificate and CA private key do not
match
2634:error:0B080074:x509 certificate routines:X509_check_private_key:key
values mismatch:x509_cmp.c:406:
That's strange, cause CA cert and CA private key are in the same file (as
noted in the text) and I didn't mistake the password (since I followed the
message blindly, with the same password).

When I untick the "Validate server certificate" in Windows clients (XP,
Windows 7) I'm able to connect with both EAP-TLS and PEAP

Any help is appreciated, thanks in advance.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to