ok, it's good news then... if you followed exactly the steps, it should work fine.
to find the error, just put the same certificate which is available at the server side on your XP machine and open it using the crypto extensions (double-click). XP should say you what is missing. the most probable error would be imho an expiration date. the second possible would be the forgotten extension (as already said, both errors should not be there if you followed exactly the script, but still, check it). check the availability of the private key, check the certification path, XP should know the signing CA (meaning that the cert is signed by the CA whose certificate is installed under certification authorities).
regards,
artur
David Baer wrote:
The problem has been partially solved (or let's say: narrowed).
Somehow the server's certificate is not accepted by the XP-supplicant.
If the "Validate server certificate" check box is unchecked, the authentication
succeeds. To leave the server's certificate unvalidated is not very desirbale though.
I used the script by Ken Roser (http://www.freeradius.org/doc/EAPTLS.pdf) to generate the certificates. Any idea what I could have done wrong with the server's certificate?
david
-- Artur Hecker D�partement Informatique et R�seaux, ENST Paris http://www.infres.enst.fr/~hecker
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
