I have a working FreeRADIUS server that will authenticate linux clients happily, however my windows clients are unable to authenticate. Here is a snippet -------------------------------------------------- +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 7 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation [peap] eaptls_process returned 4 [peap] EAPTLS_OTHERS [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [test1@umhb] (from client Sanderford port 129 cli 00-17-C4-F0-75-C8) Using Post-Auth-Type Reject -------------------------------------------------- As you can see the problem seems to lie in the TLS section, but I have followed all the HOWTOs I can find on installing and configuring the server cert. but to no avail. How do I tell the FreeRADIUS box to trust its own certificate? The cert was generated and signed on the FreeRADIUS box. Also as a side note, the linux users are able to authenticate by typing in domain\username, but doing this on a windows box shows very strange things in the radius log, and fails to authenticate. Is there a way to make both operating systems behave the same? Otherwise my windows clients must use the username@domain convention, once I get that working :) Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221