Intermediate root CA issue

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Feb 22 23:49:52 CET 2012


Hi,

> We're trying to get a GlobalSign issued wildcard CA to work on our radius server that is authenticating users via PEAP/MSCHAPv2 to Active Directory.  We're good on Android devices and iOS devices.  With Windows 7 (SP1) we're fine as long as we leave "validate server certificate" unchecked.  As soon as we enable that check, authentication fails and we get the radius log entries listed below.  I've pointed a web browser to an Apache server running the same certificate chain (server cert, intermediate GlobalSign cert, GlobalSign Root CA) and have verified that the cert does provide the Server Authentication (1.3.6.1.5.5.7.3.1) Extended Key usage.  The cert listed in the "certificate_file" entry in /etc/freeradius/eap.conf is the catted contents of the wildcard cert, the intermediate cert, and the root CA (which, in theory, since Windows 7 includes this shouldn't be needed?), all in one file.

When you do select the validate server certificate, what else are you putting into the boxes - the server name and
checking/ticking the root CA entry?

alan


