Problems with Active directory integration

Paul Seward Paul.Seward at bristol.ac.uk
Tue May 17 12:17:38 CEST 2016


On 17 May 2016 at 11:05, Spider s <spidersoftware at gmail.com> wrote:

>
> When you refer to my client,  you refer to my AP (client of radius server )
> or my windows 7 client that connect to my ap.
>

The windows 7 client


> I want use only credentials and not install certs on my windows 7 client.
> (for this the directory active integration)
>

The conversation between the windows client and freeradius is encrypted
using the certificate you've installed on the radius server.  It looks like
your windows client is configured to check that the certificate the radius
server is using was issued by someone it trusts.  It's a self signed cert,
so windows doesn't trust it.

To make this work, you either need to tell the windows client not to check
the validity of the certificate that the radius server is using (bad idea!)
or put a copy of the CA which signed the certificate used by the radius
server onto the client and tell windows to trust it.

Does that make sense?

-Paul
-- 
----------------------------------------------------------------------
Paul Seward,    Senior Systems Administrator,    University of Bristol
Paul.Seward at bristol.ac.uk  +44 (0)117 39 41148    GPG Key ID: E24DA8A2
GPG Fingerprint:    7210 4E4A B5FC 7D9C 39F8  5C3C 6759 3937 E24D A8A2


More information about the Freeradius-Users mailing list