Authenticating Laptop without a Certificate Installed

McSparin, Joe jmcsparin at
Tue Jan 24 23:09:57 CET 2012

The CA cert. 

Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcsparin at

-----Original Message-----
From: at lists.freerad
[ at lists] On Behalf Of Phil Mayers
Sent: Tuesday, January 24, 2012 3:13 PM
To: freeradius-users at
Subject: Re: Authenticating Laptop without a Certificate Installed

On 01/24/2012 08:53 PM, McSparin, Joe wrote:
> When I connect a mobile phone or a tablet to my wireless network it
> works fine even though they don't have a certificate installed. I am
> checking the MAC address and putting them into a public vlan if it is
> not found. However when I connect a windows laptop that does not have
> certificate installed it doesn't allow it. It won't connect and radius
> says it has an unknown CA I am using PEAP which it is my understanding
> would allow you to connect with a user name and password and no
> certificate if you told it not to validate the certificate. It is
> important that people be able to connect even if they don't have a
> certificate and I just control it based on the mac address.

Frankly this email confused me.

WHICH certificate are you talking about?

There is:

  1. A server cert
  2. The CA cert that signs the server cert
  3. Optionally (not usually) a client cert

PEAP normally REQUIRES that #2 be installed on the clients.
List info/subscribe/unsubscribe? See

This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments.

More information about the Freeradius-Users mailing list