Newbie: help to configure PEAP extension for windows XP wireless Clients

Alan DeKok aland at deployingradius.com
Fri Sep 10 07:29:30 CEST 2010


Stephane Brodeur wrote:
> I am a newbie with Radius and I have problems to authenticate XP
> wireless clients with eap.  I think that my first problem is due to the
> fact that Windows XP client requires a Certificate Authority since
> Windows only recognized signed certificate. I could not find the
> certificate properties windows as shown in the following link:

  Microsoft may have changed their GUI...

> My first question is where is this Smart Card or other Certificate
> Properties window, is it in the wireless 802.1x configuration window or
> in the internet explorer where you import certificate.  I am using
> Windows XP with service pack 3.

  It's in the 802.1X config.

> 2) Does FreeRadius generates automatically a self-signed Certificates
> when we start radiusd -X for the first time.

  Yes.  This is documented.

> Can we also imports the
> ca.der file into Windows XP to test our PEAP authentication. Does the
> server certificate created with the self-signed certificate is good
> enough to authenticate Windows XP wireless client

  Yes.  This is documented on the web page you referenced above.

> 3) Can we used the root/server/client self-signed certificate for
> authentication EAP-TLS. Does making new root/server/client certificate
> with the make function overides thte self-one

  Yes, and yes.

  The intent behind creating the certificates is that they are *useful*.
 There is no reason for the server to create useless certificates.

  Alan DeKok.



More information about the Freeradius-Users mailing list