Hello Stefan and thanks for your help :) with no problem, means that a box in coming and I've to enter a username/password from my domain users. Once this is made, my username/password are stored and they are not requested anymore. In this case I didn't install any certificate of my computer. For computers registered into the domain, they are several cases : With windows 10 , I can connect if I do that before entering my username/password to start my session. Once my session started, I can't connect anymore. For Windows 7, as I can't connect before entering in a session, I tested 2 different situations : 1 with a local account and 1 with a domain account. In both cases I can't connect to my wifi and the certificate error is coming. My domain is a samba domain so I don't think (but not sure) I can use GPOs for this .. Thanks very much for your help Arnaud Le 10.04.2018 à 11:04, Stefan Winter a écrit :
Hi,
Yes but only for computer which are registered to the samba domains. For other ones there's no problem With no problem, do you mean:
- there's a box coming up on the first time, and the user can click "Connect", and then things work
or
- you are provisioning all the non-AD client devices with the needed CA and server name details, and they can connect automatically
If the former, this in not "no problem" but a gaping security hole.
If the latter: good job on the BYOD clients. Now, for the AD-joined machines, you probably you need to install the CA via GPOs and mark it as trusted for the *Wi-Fi* login use case. Just being in the generic CA trust store is *not* enough.
Greetings,
Stefan Winter
On Apr 10, 2018, at 2:34 PM, Arnaud Forster <arnaud.forster@mwprog.ch> wrote:
Hello Alan,
Thanks for your answer. So I checked the log and the only thing I've when a computer belonging to the domain tries to connect is the following :
Tue Apr 10 10:31:14 2018 : Info: rlm_ldap (ldap): Opening additional connection (24), 1 of 29 pending slots used Tue Apr 10 10:31:15 2018 : ERROR: (37) eap_peap: ERROR: TLS Alert read:fatal:unknown CA Tue Apr 10 10:31:15 2018 : ERROR: (37) eap_peap: ERROR: TLS_accept: Failed in SSLv3 read client key exchange A Tue Apr 10 10:31:15 2018 : ERROR: (37) eap_peap: ERROR: Failed in __FUNCTION__ (SSL_read)
So I tried to install the ca.der key on the windows client system but the error remains Client doesn't know/trust the CA that signed your server certificate.
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Le 10.04.2018 à 10:36, Arran Cudbard-Bell a écrit : - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html