Make sure that you either don't validate the server certificate, or that if you do, that the CA is selected.

The XP supplicant will just keep hammering at the server without accepting the response if the CA / server checking doesn't pass.

The other thing to do is look at the RASTLS (and/or EAPOL) logs.

eg:
netsh ras set tracing rastls enabled

And then take a look at the files in c:\windows\tracing

Cheers,

Ben

On 10/10/05, Thuis Algemeen <thuis-algemeen@chello.nl> wrote:
Thanks Allan,

I used a file called xpextensions with both a client section and server a
server section.
The client certificate present on the laptop display's : Clientverificatie
(1.3.6.1.5.5.7.3.2)
The server certificate present on the server display's : Verificatie van de
server (1.3.6.1.5.5.7.3.1)

----- Original Message -----
From: "Alan DeKok" <aland@ox.org>
To: "FreeRadius users mailing list" < freeradius-users@lists.freeradius.org>
Sent: Sunday, October 09, 2005 5:49 PM
Subject: Re: authenticate problem XP eap/tls


> "Thuis Algemeen" < thuis-algemeen@chello.nl> wrote:
>>  Here the log from freeradius, the onl error I can see is :
>> "TLS_accept:error in SSLv3 read client certificate A".
>
>  That error is in the middle of the authentication session, and
> doesn't mean anything.
>
>  Do the certificates you're using have the Windows OID?
>
>  Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html