No EAP/TLS with XP SP3 since End December

Alexandros Gougousoudis gougousoudis-list at
Mon Jan 3 13:04:12 CET 2011

Hi Phil,

Phil Mayers schrieb:
> To be clear, all windows clients fail? But other clients succeed?
Exactly, Ubuntu can authenticate, all XP not.
> It is possible a windows update has removed the intermediate 
> certificate from the client(s). IIRC Microsoft have done this in the 
> past, expecting the intermediate CA to be provided during TLS 
> negotiation. In this case, you need to have the correct CA (chain) at 
> the FreeRadius side. Have you got this configured correctly?
Yes, Server cert/key and Client cert/key origin from the same CA, which 
is also present at the radius-server. At least that wasn't a problem 
since 2 years, after I worked out how to use Radius with XP SP3.

> It won't help running such an old version of FreeRadius.
Yes, but it was enough for us, since we don't need Vista and Win 7 
support. I'am working currently on Debian Lenny to make the 2.10 coming 
over lenny-backports work. But it's not easy and I don't know if it 
fixes the problem. I think an MS security-update killed the radius 

Is anyone having a working auth with Freeradius und a fully patched XP 
Pro SP3?


More information about the Freeradius-Users mailing list