windows users having trouble authenticating

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Tue Aug 3 07:59:08 CEST 2010


I am still getting this error in my debug output:

rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I have upgraded to version 2.1.8+dfsg-1ubuntu1, still no joy!

PLEASE someone tell me how to make FreeRADIUS automatically accept the
client cert.  I have about 2 thousand clients that are not owned by my
university, I cannot install the server cert on all of them, the
logistics are too much.  PLEASE HELP!

Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221



-----Original Message-----
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Sallee, Stephen (Jake)
Sent: Monday, August 02, 2010 7:07 PM
To: FreeRadius users mailing list
Subject: RE: windows users having trouble authenticating

Thanks for the info, I have the client setup the way you suggest, in Win
7 almost everything you said were defaults.  However I still get the
unknown CA problem.  Does anyone know how I can tell the FreeRADIUS
server to accept the client cert automatically?  

Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221



-----Original Message-----
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: Monday, August 02, 2010 5:59 PM
To: FreeRadius users mailing list
Subject: Re: windows users having trouble authenticating

hi,

weird output due to special character.... \t, \r , \n all did similar
things in the output (latest version has fixed for this).

issue with windows is to do with certs etc.  you need to configure the
supplicant to use PEAP, not to use the windows login, if you haven't
sorted out certs, then you need to not check any radius server or tick
anything..and not have the 'do not prompt for new certs' etc unticked.
best to put the CA that the RADIUS server was signed with onto the host
(in trusted CA local root store).

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
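
Added example, not part of the original messages: the `unknown ca` alert in the log is one the server read from the peer (`SSL3_READ_BYTES`), which is the alert a TLS client sends when it cannot chain the server certificate to a CA it trusts. The script below reproduces that trust check with `openssl verify`, using throwaway CAs and a server certificate constructed for the demo; the file names and subject names are assumptions, not values from the thread.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs and one server certificate in a temp dir.
# "Demo RADIUS CA", "Unrelated Public CA" and radius.example.test are assumed names.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {  # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_server_cert() {  # $1 = prefix of the CA that signs the server certificate
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/server.pem" 2>/dev/null
}

# Succeeds only if server.pem chains to the CA file named by $1.
# This mirrors the check a supplicant makes against its trusted root store.
chains_to() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/server.pem" >/dev/null 2>&1
}

make_ca radius_ca "Demo RADIUS CA"
make_ca other_ca "Unrelated Public CA"
make_server_cert radius_ca

for ca in radius_ca other_ca; do
    if chains_to "$ca"; then
        echo "$ca trusted: server certificate verifies"
    else
        echo "$ca trusted: verification fails (client would send 'unknown ca')"
    fi
done
```

Running the same `openssl verify -CAfile` command against the real server certificate and the CA file distributed to clients shows whether the two actually match.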
