..this is where it ends - an access challenge never gets responded to. do you have the CA of the RADIUS server installed on the client? No but I disabled "Validate Server Certificate" on the client. Is it not enough?
add the CA Done but same problem. I read certs/README file with MANY other caveats about Windows:
- Windows requires certain OID's in the certificates. If it doesn't see them, it will stop doing EAP. The most visibile effect is that the client starts EAP, gets a few Access-Challenge packets, and then a little while later re-starts EAP. If this happens, see the FAQ, and the comments in raddb/eap.conf for how to fix it. - Windows requires the root certificates to be on the client PC. If it doesn't have them, you will see the same issue as above. - Windows XP post SP2 has a bug where it has problems with certificate chains. i.e. if the server certificate is an intermediate one, and not a root one, then authentication will silently fail, as above. I'm sorry to blamed Freeradius. I'm forced to abandone this project and resort to M$'NAP server :( Thanks -- DV