AW: AW: AW: AW: Freeradius XP Client without certificate

2010-07-22 Thread Lionne Stangier
> This is well known. It is in the FAQ, and in the comments in > raddb/eap.conf. > In short, you did *not* get a certificate that Windows will accept. > Read the documentation for details. Look for "Windows". I know these problems, but the certificate support extensions. It's a cert that shoul

Re: AW: AW: AW: Freeradius XP Client without certificate

2010-07-21 Thread Alan DeKok
Lionne Stangier wrote: >> I will look for a commercial certificate. > > We bought a certificate. I write the new cert name in the eap.conf and > comment ca.pem out. But windows don’t get it. > > Radiusd -X do handshake, and all successful. The Server send access challenge > but Windows don’t co

AW: AW: AW: Freeradius XP Client without certificate

2010-07-21 Thread Lionne Stangier
> I will look for a commercial certificate. We bought a certificate. I write the new cert name in the eap.conf and comment ca.pem out. But windows don’t get it. Radiusd -X do handshake, and all successful. The Server send access challenge but Windows don’t connect. - List info/subscribe/unsu

AW: AW: AW: Freeradius XP Client without certificate

2010-07-20 Thread Lionne Stangier
> It's a damn shame. The XP supplicant has held back 802.1x by a decade. > HOWEVER - you can fix this by getting a wireless cert from a commercial > provider which is in XPs CA store by default (e.g. verisign). You then > need to write tedious instructions telling which 20 boxes to tick in > Wi

Re: AW: AW: Freeradius XP Client without certificate

2010-07-20 Thread Phil Mayers
On 07/20/2010 01:12 PM, Lionne Stangier wrote: That disagrees with what you said earlier: 1) it doesn't need certs 2) the cert is on the phone I mean you must not manually install the certificate. And you can't change the way some things work. EAP-TLS methods require certificates. Don't

AW: AW: Freeradius XP Client without certificate

2010-07-20 Thread Lionne Stangier
> That disagrees with what you said earlier: > 1) it doesn't need certs > 2) the cert is on the phone I mean you must not manually install the certificate. > And you can't change the way some things work. EAP-TLS methods > require certificates. Don't blame me, or FreeRADIUS for that. All > ot