Craig White wrote:
OK - that quiets the notification but I still can't figure out the issue where I can authenticate RRAS, Macintosh and iPod clients against radius via LDAP using mschapv2 but even with the certificates on Windows XP clients, with the 'xpextensions' they always try to authenticate as 'uid=anonymous' and never ask me for name/password credentials to supply for authentication.
Then the supplicant is misconfigured.
While I probably would agree that the certificates should be enough and not need the user/password authentication, I can't figure out how to tell radiusd to accept those with the certificates.
No. PEAP does MS-CHAP for username/passwd authentication. If you want authentication via client certs, use TLS.
Either way I would be happy...getting windows clients to provide username/password or getting radius to accept a client with the certificate.
There's something else in your windows configuration that is making it *not* ask you for the username/password. Maybe it's cached in the registry. Alan DeKok.