FR not working with AD...
Alan DeKok
aland at deployingradius.com
Thu May 22 08:38:07 CEST 2008
Karthik R wrote:
> I'm trying to configure freeradius2.0.3 to authenticate wireless users
> against AD.
You should probably use 2.0.4, for a number of reasons.
> Installed CA.der certificate alone on the windows xp supplicant, i didnt
> generate individual client certificate as i dont want the users to be
> have less task to configure wireless . As per my understanding and in
> previous freeradius it worked this way installing root.der certificate
> alone and without individual supplicant certificate.
Yes.
> I'm unable to authenticate the users against AD. can someone throw some
> light here. Attached the log message.
>...
> routines:SSL3_SEND_SERVER_KEY_EXCHANGE:missing tmp rsa key
> rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Weird. I've never seen that before. It looks like the Windows
machine is not doing all of the SSL exchange.
Try un-checking "validate server certificate" on the Windows box.
It's not a good idea for production use, but it may help for testing.
Alan DeKok.
More information about the Freeradius-Users
mailing list