Hi,
Yes but only for computer which are registered to the samba domains. For other ones there's no problem
With no problem, do you mean: - there's a box coming up on the first time, and the user can click "Connect", and then things work or - you are provisioning all the non-AD client devices with the needed CA and server name details, and they can connect automatically If the former, this in not "no problem" but a gaping security hole. If the latter: good job on the BYOD clients. Now, for the AD-joined machines, you probably you need to install the CA via GPOs and mark it as trusted for the *Wi-Fi* login use case. Just being in the generic CA trust store is *not* enough. Greetings, Stefan Winter
Le 10.04.2018 à 10:36, Arran Cudbard-Bell a écrit :
On Apr 10, 2018, at 2:34 PM, Arnaud Forster <arnaud.forster@mwprog.ch> wrote:
Hello Alan,
Thanks for your answer. So I checked the log and the only thing I've when a computer belonging to the domain tries to connect is the following :
Tue Apr 10 10:31:14 2018 : Info: rlm_ldap (ldap): Opening additional connection (24), 1 of 29 pending slots used Tue Apr 10 10:31:15 2018 : ERROR: (37) eap_peap: ERROR: TLS Alert read:fatal:unknown CA Tue Apr 10 10:31:15 2018 : ERROR: (37) eap_peap: ERROR: TLS_accept: Failed in SSLv3 read client key exchange A Tue Apr 10 10:31:15 2018 : ERROR: (37) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read)
So I tried to install the ca.der key on the windows client system but the error remains Client doesn't know/trust the CA that signed your server certificate.
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66