Win 7 IKEv2+PEAP = "no NPS server"?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Apr 8 15:45:44 CEST 2010
On 08/04/10 14:27, Stefan Winter wrote:
> Hello,
>
> I wonder if anyone else has come across this already... Google is not
> very helpful here.
>
> We're setting up a VPN Server (strongswan) with Windows 7 in IKEv2 mode.
> The client side is supposed to authenticate with PEAP(*) to FreeRADIUS.
> That works pretty well, but on the first PEAP connection to the server,
> there's a big fat warning on the Win 7 UI: "You're connecting to a
> server which is not a valid NPS Server for this domain. You are strongly
> discouraged from continuing... bla..." If you click Connect, *everything
> works*. Now I'm wondering what needs to be done to make that useless
> warning go away... Maybe the FreeRADIUS server certificate needs yet
> another Extended Key Usage or so? I didn't really find helpful
> documentation.
Interesting.
I coded up PEAP/SoH support a while back, and IIRC Alan is dragging it
into the 2.2 version.
If you're curious you could try the code here:
git clone git at git.freeradius.org:soh.git peap-soh
git checkout -b peap-soh origin/peap-soh
...see "eap.conf" for brief docs. I presume the warning will go away...
More information about the Freeradius-Users
mailing list