I dont use certificates neither on the server and neither on the client side. I read in teh internet that also windows7 should work without certificates - is that true ?
Strictly speaking this is actually true, However! You need to understand what is happening: 1) Win7 will not connect to a wireless network that is secured with a certificate enabled protocol without some prior configuration, period. This means that is you set up an AP using 802.1x with FreeRADIUS (or any server) as your AAA server your windows 7 (and Vista AFAIK) WILL NOT Authenticate successfully unless you specifically configure the client to do so. Gone are the days of click through protected WiFi setups in Windows. I have purchased a cert from thawte hoping that my clients will trust it and allow the connection without manually touching each machine but alas, no. 2) once correctly configured (depending on the auth protocol you are using) the client will accept the server's cert (the reason the auth is failing now) and send back its own cert for the server to inspect (if needed by the protocol). So, you ARE using certs. Did you install them, no. Is that a problem, yes. When working with certs you should ALWAYS know them inside and out, they are your digital identity, and they do incur some legal implications. If you need assistance configuring the windows clients to accept the cert the server is sending, meet me on the IRC channel. That is really not a discussion for the list. ; ) Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 -----Original Message----- From: freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius.o rg] On Behalf Of alois blasbichler Sent: Tuesday, August 24, 2010 9:20 AM To: freeradius-users@lists.freeradius.org Subject: windows7 machine authentication Hello list We use freeradius with opendlap and machine-authentification (samba-pcs) for years with success. Windows xp and vista clients works fine. Now i wanted to authenticate a Windows 7 laptop and i get the following errors : [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 12 length 19 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop and then [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 7 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation [peap] eaptls_process returned 4 I dont use certificates neither on the server and neither on the client side. I read in teh internet that also windows7 should work without certificates - is that true ? Wath can bee the problem ? Do you need more debug-output ? Thank you and by luis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html