Wi-Fi Authentication on Active Directory

Alan DeKok aland at deployingradius.com
Fri Oct 25 15:21:45 CEST 2013


Bruno de Paula Larini wrote:
> I'm trying to use FreeRADIUS 2.2.0 on Fedora 19 to authenticate Wi-Fi
> clients (Windows 7) against a MS Active Directory domain (Windows Server
> 2008 R2). The access point is a MikroTik RouterOS v5.11. I've already
> joined the FreeRADIUS machine into my AD domain and both 'wbinfo -a' and
> 'ntlm_auth' can successfully authenticate domain users. Then, I've
> followed the instructions on the Wiki for FreeRADIUS 2.x and set up the
> server accordingly.

  That all seems fine.

> However, 'radiusd -X' tells that the Windows clients
> didn't reply the request and there's a url to the Wiki, explaining why
> it couldn't finish. The root and the client (self-signed) certificates
> are already installed on a test client, and I think I've created them
> following the recommended way (as told in README file on raddb/certs).
> I've checked the comments on raddb/eap.conf, but I'm not sure what to do
> next.


> Is there some way to make the Windows clients trust the request?

  http://deployingradius.com/

  Read the 4-step HOWTO on the bottom of the page.  It details a
step-by-step process to getting EAP to work on Windows machines.  It
WILL work.

  If the Windows box just stops the EAP session... the content on the
Wiki page describes what to do.  There really isn't anything else which
can fix the problem.

  Alan DeKok.


More information about the Freeradius-Users mailing list