Sallee, Stephen (Jake) wrote:
I have a working FreeRADIUS server that will authenticate linux clients happily, however my windows clients are unable to authenticate. Here is .. [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A
The supplicant is sending a certificate that the server doesn't recognize.
As you can see the problem seems to lie in the TLS section, but I have followed all the HOWTOs I can find on installing and configuring the server cert. but to no avail. How do I tell the FreeRADIUS box to trust its own certificate? The cert was generated and signed on the FreeRADIUS box.
It's not a problem with FreeRADIUS. It's a problem with the supplicant. (i.e. Windows box)
Also as a side note, the linux users are able to authenticate by typing in domain\username, but doing this on a windows box shows very strange things in the radius log, and fails to authenticate. Is there a way to make both operating systems behave the same? Otherwise my windows clients must use the username@domain convention, once I get that working
What "strange things" show up in the log? Is it a secret? Alan DeKok.