On 09/05/2018 19:35, Nick Howitt wrote:
On 09/05/2018 19:03, Alan Buxey wrote:
without further details I'd say you checked the 'do not prompt' for certificate..so it was connected but wont reconnect because its not happy about the CA or RADIUS cert. just ensure you've imported the CA used for the RADIUS server into the correct root authority store so that the client is happy with the server cert. you really SHOULD have all those things (CommonName filled and CA selected etc) - if doing a windows domain this is VERY easy with a GPO that can be just pushed to all Windows clients in the domain.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Yes, I have unchecked "Verify server's identity by validating the certificate" so I would have expected Windows not to worry that it was signed by Radius's own CA. I have configured CN and SubjectAltName to be the same resolvable FQDN, and the correct M$ extensions. I can't do GPO as this is an old style NT domain in Samba, but I'll give importing the CA a go just in case. I'm still confused why it would accept a certificate first time round but not subsequently but I know Windows does have idiosyncrasies.
FWIW the domain is a test server at home with one PC connected to it .
Nick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Totally puzzled. I've imported the ca.crt (as ca.der) as a Trusted Root Certification Authority and allowed 802.1x to use it. First time round it prompts me that is is not a trusted certificate (odd as it is imported as a Trusted Certificate), but if I disconnect and try to reconnect it does not prompt me again, nor does it if I switch user ans switch back. After a manual disconnect, the only way I can reconnect is to log off and back on or switch users and switch back. It must be a Windows thing somewhere.