PEAP-MSCHAPv2 replace snakeoil certificates
Olivier Mahieu
o_mahieu at hotmail.com
Fri Jan 10 20:12:12 CET 2020
Hello,
I'm configuring a FreeRadius Ubuntu server to replace Windows NPS server.
The Domain Controller is CA as well.
The server is part of the domain and MSCHAP is configured.
The "$ radtest -t mschap testuser testpassword 127.0.0.1 0 testing123" works as well.
Now, I want to replace the snakeoil certificate by a generated server certificate, signed by Windows CA.
I generated freeradius.cer (Signed by Win CA), freeradius.key and placed them in dir's below. ALso the Win root CA, I added in /usr/local/share/ca-certificates.
[cid:6be2c43b-7b4f-4a79-8e69-5af486a693d9]
Following, when I change eap like below; even with absolute path instead of ${certdir}; I get freeradius failure.
[cid:a314427e-f5f0-4a90-8005-83d5d8032453]
Systemctl restart freeradius: failure.
radtest -t fails as well...
Can someone point me the right direction? Thanks!!!
Olivier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImagebase640.png
Type: image/png
Size: 12996 bytes
Desc: pastedImagebase640.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200110/17bf03d7/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImagebase641.png
Type: image/png
Size: 7004 bytes
Desc: pastedImagebase641.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200110/17bf03d7/attachment-0003.png>
More information about the Freeradius-Users
mailing list