last hurdle...windows clients

Craig White craigwhite at azapple.com
Sun Nov 23 02:38:36 CET 2008


On Sun, 2008-11-23 at 00:24 +0100, tnt at kalik.net wrote:
> >I don't understand the message about unknown_ca in the log below either
> >because I am acting as my own CA and this same cacert.pem seems to be
> >happy on the Windows system I imported it on and I've been using it for
> >a bunch of other daemons.
> >
> 
> It probably wants cacert.der.
----
OK - that quiets the notification but I still can't figure out the issue
where I can authenticate RRAS, Macintosh and iPod clients against radius
via LDAP using mschapv2 but even with the certificates on Windows XP
clients, with the 'xpextensions' they always try to authenticate as
'uid=anonymous' and never ask me for name/password credentials to supply
for authentication.

Thus since my Default Auth Type = LDAP (in users), these clients always
fail authentication.

While I probably would agree that the certificates should be enough and
not need the user/password authentication, I can't figure out how to
tell radiusd to accept those with the certificates.

Either way I would be happy...getting windows clients to provide
username/password or getting radius to accept a client with the
certificate.

Craig




More information about the Freeradius-Users mailing list