AW: AW: AW: AW: Freeradius XP Client without certificate
This is well known. It is in the FAQ, and in the comments in raddb/eap.conf. In short, you did *not* get a certificate that Windows will accept. Read the documentation for details. Look for Windows. I know these problems, but the certificate support extensions. It's a cert that should be known in windows trusted root certs. That means theoretically windows have the cert and our server. But I think, I include the cert wrong at the radius server. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: AW: Freeradius XP Client without certificate
It's a damn shame. The XP supplicant has held back 802.1x by a decade. HOWEVER - you can fix this by getting a wireless cert from a commercial provider which is in XPs CA store by default (e.g. verisign). You then need to write tedious instructions telling which 20 boxes to tick in Windows to make sure it does the right thing, but at least you don't have to visit the machine or download anything to it... Thank you. It's really a damn shame. I will look for a commercial certificate. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: AW: Freeradius XP Client without certificate
I will look for a commercial certificate. We bought a certificate. I write the new cert name in the eap.conf and comment ca.pem out. But windows don’t get it. Radiusd -X do handshake, and all successful. The Server send access challenge but Windows don’t connect. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: AW: Freeradius XP Client without certificate
That disagrees with what you said earlier: 1) it doesn't need certs 2) the cert is on the phone I mean you must not manually install the certificate. And you can't change the way some things work. EAP-TLS methods require certificates. Don't blame me, or FreeRADIUS for that. All other products on the market have the same restrictions. I don’t blame you or Freeradius, becuase that’s not a Freeradius problem. Pity, that an Iphone can load the certificate automatic and XP Laptop not! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: AW: Freeradius XP Client without certificate
On 07/20/2010 01:12 PM, Lionne Stangier wrote: That disagrees with what you said earlier: 1) it doesn't need certs 2) the cert is on the phone I mean you must not manually install the certificate. And you can't change the way some things work. EAP-TLS methods require certificates. Don't blame me, or FreeRADIUS for that. All other products on the market have the same restrictions. I don’t blame you or Freeradius, becuase that’s not a Freeradius problem. Pity, that an Iphone can load the certificate automatic and XP Laptop not It's a damn shame. The XP supplicant has held back 802.1x by a decade. HOWEVER - you can fix this by getting a wireless cert from a commercial provider which is in XPs CA store by default (e.g. verisign). You then need to write tedious instructions telling which 20 boxes to tick in Windows to make sure it does the right thing, but at least you don't have to visit the machine or download anything to it... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
