Problems with Active directory integration

Spider s spidersoftware at
Thu May 19 11:19:51 CEST 2016

Hello Again.

Exelent , you are great Paul.

Is explained perfect, I now understand, and the problem is solved.

I install the examples cetrs client.p12 and ca.der on my windows 7 client
and he can connect now.

Thanks to all people try help me, all recomendations are corrects, but I
did not see clear.

Solved for now, only the last question, with the real cert(pay) the windows
client dont need installs the certs, is this correct ??? (I need this mode)

Thank you to all for this great help and mailing list, i planned make a
guide about this (spanish).


On Tue, May 17, 2016 at 12:17 PM, Paul Seward <Paul.Seward at>

> On 17 May 2016 at 11:05, Spider s <spidersoftware at> wrote:
> >
> > When you refer to my client,  you refer to my AP (client of radius
> server )
> > or my windows 7 client that connect to my ap.
> >
> The windows 7 client
> > I want use only credentials and not install certs on my windows 7 client.
> > (for this the directory active integration)
> >
> The conversation between the windows client and freeradius is encrypted
> using the certificate you've installed on the radius server.  It looks like
> your windows client is configured to check that the certificate the radius
> server is using was issued by someone it trusts.  It's a self signed cert,
> so windows doesn't trust it.
> To make this work, you either need to tell the windows client not to check
> the validity of the certificate that the radius server is using (bad idea!)
> or put a copy of the CA which signed the certificate used by the radius
> server onto the client and tell windows to trust it.
> Does that make sense?
> -Paul
> --
> ----------------------------------------------------------------------
> Paul Seward,    Senior Systems Administrator,    University of Bristol
> Paul.Seward at  +44 (0)117 39 41148    GPG Key ID: E24DA8A2
> GPG Fingerprint:    7210 4E4A B5FC 7D9C 39F8  5C3C 6759 3937 E24D A8A2
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list