PEAP-MSCHAPv2 replace snakeoil certificates

Olivier Mahieu o_mahieu at hotmail.com
Fri Jan 10 20:12:12 CET 2020


Hello,

I'm configuring a FreeRadius Ubuntu server to replace a Windows NPS server.
The Domain Controller is the CA as well.

The server is part of the domain and MSCHAP is configured.

The "$ radtest -t mschap testuser testpassword 127.0.0.1 0 testing123" works as well.

Now, I want to replace the snakeoil certificate with a generated server certificate, signed by the Windows CA.

I generated freeradius.cer (signed by the Win CA) and freeradius.key, and placed them in the directories below. I also added the Win root CA in /usr/local/share/ca-certificates.

[cid:6be2c43b-7b4f-4a79-8e69-5af486a693d9]

Next, when I change eap as below, even with an absolute path instead of ${certdir}, I get a freeradius failure.

[cid:a314427e-f5f0-4a90-8005-83d5d8032453]


Systemctl restart freeradius: failure.
radtest -t fails as well...

Can someone point me in the right direction? Thanks!!!

Olivier

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImagebase640.png
Type: image/png
Size: 12996 bytes
Desc: pastedImagebase640.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200110/17bf03d7/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImagebase641.png
Type: image/png
Size: 7004 bytes
Desc: pastedImagebase641.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200110/17bf03d7/attachment-0003.png>

