hi Frederic
I think, they are well installed, like it's explained in most HOWTOs, but..
then i don't know.
What do you want to say is that win2K is going to take EAP-Identity value in client certificate, before EAP-TLS challenge start ?? I don't think so, it doesn't work like that with Xsupplicant/FreeRADIUS and it's not describe like this in RFC.
no. what i want to say is that you force Windows to use EAP/TLS and it gets now the EAP Request Identity message. it has to reply to this message and it does need at least one identity for that. Unless you tell it to use some other identity (there is a check box you can mark), it will automatically take the CN out of the installed certificate. If there is no certificate (or it is not where it should be, or it is in the machine repository but the machine identification is not on, or the certificate is invalidated by something like expiration or not available root certificate or or or or), well then Windows simply does not have any idea what to reply to the Authenticator, does it?
ciao artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
