config on client follows exactly what the howto reccomends with the 1 change of checking "authenticate as computer when computer information is available". Which as you can see does attempt to auth. The cert options are set as in this picture: http://wiki.freeradius.org/Image:100000000000017F000001D2C7856F9F.png I just reread this section here on the howto "Certificate validation is strongly recommended for wireless configurations, and optional for wired deployments. Select « Validate server certificate » and check ONLY the CA for your FreeRADIUS server (the one you installed above). Also select « Connect to these servers » and enter the Common Name of the server certificate. If you are configuring a wired ethernet interface, you can leave certificate verification off in your supplicants: just deselect « Validate server certificate ». Either way, select « EAP-MSCHAP v2 » as authentication method. Click the « Configure » button next." So I will enable cert validation retry and post back. Cheers for the info /tip :) On 7/6/07, A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
This url here looks like what I need http://support.novell.com/docs/Tids/Solutions/10100693.html but their instructions are pretty lousy "For machine-based authentication or user based authentication, modify the RADIUSD.CONF file by adding the following lines:" doesnt say where or what section to add said lines to and we all know how touchy the radiusd.conf file is.
those parts can go pretty much anywhere in the main config file - eg stick them at the end of the file.
from what I can see of the log the NTLM is working fine - the NTKEY reply matched and its all okay. which leaves me to assume that a config on the client isnt correct - is the machine configured to validate the RADIUS server and does it have the correct 'tick' for the certificate and host name for the server to validate?
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html