Thai Duong wrote:
I can be sure the client certificate has the Enhanced Key Usage showing Client Authentication (1.3.6.1.5.5.7.3.2). I have no way to verify whether the server certificate contains proper OID but here is
openssl x509 -noout -text -in theserver.crt ...will show things like: X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication ...the latter being the one you're looking for. As Alan says, it's almost certainly oids, but regardless the problem is not at the FreeRadius side - you should look to the debugging on the cisco switch and/or the windows client ("netsh * set tracing on" and logfiles somewhere under c:\windows)