On 17 May 2016 at 11:05, Spider s <spidersoftware@gmail.com> wrote:
When you refer to my client, you refer to my AP (client of radius server ) or my windows 7 client that connect to my ap.
The windows 7 client
I want use only credentials and not install certs on my windows 7 client. (for this the directory active integration)
The conversation between the windows client and freeradius is encrypted using the certificate you've installed on the radius server. It looks like your windows client is configured to check that the certificate the radius server is using was issued by someone it trusts. It's a self signed cert, so windows doesn't trust it. To make this work, you either need to tell the windows client not to check the validity of the certificate that the radius server is using (bad idea!) or put a copy of the CA which signed the certificate used by the radius server onto the client and tell windows to trust it. Does that make sense? -Paul -- ---------------------------------------------------------------------- Paul Seward, Senior Systems Administrator, University of Bristol Paul.Seward@bristol.ac.uk +44 (0)117 39 41148 GPG Key ID: E24DA8A2 GPG Fingerprint: 7210 4E4A B5FC 7D9C 39F8 5C3C 6759 3937 E24D A8A2