Hello My situation is : I dont want user certificates for the clients to authenticate. I configure my freeradius that only laptops in my domain can login to my wireless - safe enaugth - so all private laptops and strange laptops dont enter in my network. Only latops that a Administrator connect to the domain can login. So far all worked ok till windows 7. If i need i can create a server certificate and import this on my clients but i dont want use "client certificates". so Windows 7 works with EAP-TLS and PEAP only with a server zertificate ? Can you give me som link where can i read how to configure win7 for wlan? Bye luis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html a server
Strictly speaking this is actually true, However! You need to understand what is happening:
1) Win7 will not connect to a wireless network that is secured with a certificate enabled protocol without some prior configuration, period. This means that is you set up an AP using 802.1x with FreeRADIUS (or any server) as your AAA server your windows 7 (and Vista AFAIK) WILL NOT Authenticate successfully unless you specifically configure the client to do so. Gone are the days of click through protected WiFi setups in Windows. I have purchased a cert from thawte hoping that my clients will trust it and allow the connection without manually touching each machine but alas, no.
2) once correctly configured (depending on the auth protocol you are using) the client will accept the server's cert (the reason the auth is failing now) and send back its own cert for the server to inspect (if needed by the protocol).