last hurdle...windows clients
Alan DeKok
aland at deployingradius.com
Sun Nov 23 09:59:25 CET 2008
Craig White wrote:
> OK - that quiets the notification but I still can't figure out the issue
> where I can authenticate RRAS, Macintosh and iPod clients against radius
> via LDAP using mschapv2 but even with the certificates on Windows XP
> clients, with the 'xpextensions' they always try to authenticate as
> 'uid=anonymous' and never ask me for name/password credentials to supply
> for authentication.
Then the supplicant is misconfigured.
> While I probably would agree that the certificates should be enough and
> not need the user/password authentication, I can't figure out how to
> tell radiusd to accept those with the certificates.
No. PEAP does MS-CHAP for username/passwd authentication. If you
want authentication via client certs, use TLS.
> Either way I would be happy...getting windows clients to provide
> username/password or getting radius to accept a client with the
> certificate.
There's something else in your windows configuration that is making it
*not* ask you for the username/password. Maybe it's cached in the registry.
Alan DeKok.
More information about the Freeradius-Users
mailing list