PEAP/MSCHAPv2 and WinXP

apolyxrono apolyxrono at yahoo.co.uk
Fri Mar 23 13:04:39 CET 2007


Hi Damian,

I have configured freeradius for PEAP/MSCHAPv2 authentication, no client
certificates, with a WinXP supplicant. When i created the certificates i
studied these guides : http://www.linuxjournal.com/article/8095 ,
http://www.linuxjournal.com/article/8151. 

I copied the server certificate to the radius server as the guide said ,
and some other files like dh , random. I did not make client
certificates. In PEAP/MSCHAPv2 authentication client certificates are
not necessary. 

On Thu, 2007-03-22 at 15:30 -0700, Damian Davalos wrote: 
> Hello,
> 
> I have a question I can't seem to answer with the mail archives or
> documentation. 
> 
> Let me begin by explaining what I'm trying to do:
> 
> - PEAP/MSCHAPv2 authentication, no client certificates, with a WinXP
> supplicant. 
> - The server certificate is self-signed.
> 
> >From the FAQ, I have:
> 
> - Installed the hot fix from MS KB 885453
> - Included the required OID 1.3.6.1.5.5.7.3.1 in the server certificate
> - Followed MS requirements for server certificates in KB 814394
> 
> The only way I can get this setup to work, is if I import my root
> certificate onto my
> client machine. Otherwise, I get the typical Access-Request and
> Access-Challenge back
> and forth. 
> 
> My question: Is importing the root certificate onto your client necessary
> when self-signing 
> your own server certificate?
> 
> If not, then I guess I'm still doing something wrong, but I would like to
> make sure before I
> continue to troubleshoot. 
> 
> Any help is greatly appreciated.
> 
> Regards,
> 
> Damian Davalos
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


		
___________________________________________________________ 
Inbox full of spam? Get leading spam protection and 1GB storage with All New Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html



More information about the Freeradius-Users mailing list