last hurdle...windows clients

Alan DeKok aland at deployingradius.com
Sun Nov 23 09:59:25 CET 2008


Craig White wrote:
> OK - that quiets the notification but I still can't figure out the issue
> where I can authenticate RRAS, Macintosh and iPod clients against radius
> via LDAP using mschapv2 but even with the certificates on Windows XP
> clients, with the 'xpextensions' they always try to authenticate as
> 'uid=anonymous' and never ask me for name/password credentials to supply
> for authentication.

  Then the supplicant is misconfigured.

> While I probably would agree that the certificates should be enough and
> not need the user/password authentication, I can't figure out how to
> tell radiusd to accept those with the certificates.

  No.  PEAP does MS-CHAP for username/passwd authentication.  If you
want authentication via client certs, use TLS.

> Either way I would be happy...getting windows clients to provide
> username/password or getting radius to accept a client with the
> certificate.

  There's something else in your windows configuration that is making it
*not* ask you for the username/password.  Maybe it's cached in the registry.

  Alan DeKok.



More information about the Freeradius-Users mailing list