Windows 10 in domain connects but fails to manually reconnect

Nick Howitt nick at howitts.co.uk
Wed May 9 20:35:25 CEST 2018


On 09/05/2018 19:03, Alan Buxey wrote:
> without further details I'd say you checked the 'do not prompt' for
> certificate..so it was connected but wont reconnect because its not
> happy about the CA or RADIUS cert.
> just ensure you've imported the CA used for the RADIUS server into the
> correct root authority store so that the client is happy with the
> server cert.
> you really SHOULD have all those things (CommonName filled and CA
> selected etc) - if doing a windows domain this is VERY easy with a GPO
> that can be just pushed to
> all Windows clients in the domain.
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes, I have unchecked "Verify server's identity by validating the 
certificate" so I would have expected Windows not to worry that it was 
signed by Radius's own CA. I have configured CN and SubjectAltName to be 
the same resolvable FQDN, and the correct M$ extensions. I can't do GPO 
as this is an old style NT domain in Samba, but I'll give importing the 
CA a go just in case. I'm still confused why it would accept a 
certificate first time round but not subsequently but I know Windows 
does have idiosyncrasies.

FWIW the domain is a test server at home with one PC connected to it .

Nick


More information about the Freeradius-Users mailing list