That's what I thought, thanks for confirming it. We re authenticating against a windows domain, but via PEAP/MSCHAPV2/NTLM_AUTH, which isn't the same thing....
-atkinson > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of �ystein G�sdal > Sent: Thursday, February 10, 2005 1:41 PM > To: '[email protected]' > Subject: RE: PEAP and "fatal unknown_ca" > > > You don't but that info into your certificate. > The DOMAIN info is only used if you are going to authenticate > against a Windows Domain. If you are authenticating against > the users file, or a SQL Server, just leave it blank. > > - �ystein > > -----Original Message----- > From: Dudley Atkinson [mailto:[EMAIL PROTECTED] > Sent: 10. februar 2005 16:47 > To: [email protected] > Subject: RE: PEAP and "fatal unknown_ca" > > Perhaps so, but I'm not sure what I can put into the > certificates to alter that behavior. There is no explicit > "domain" entry in a certificate? > > If your windows domain is "OFFICE-LAN", how would you > construct your certificate information to incorporate that? > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On > > Behalf Of Zoltan A. Ori > > Sent: Wednesday, February 09, 2005 11:02 PM > > To: [email protected] > > Subject: Re: PEAP and "fatal unknown_ca" > > > > > > On Wednesday 09 February 2005 19:06, Dudley Atkinson wrote: > > > So the problem is solved, but I wanted to post so that the next > > > unfortunate that happens along with this problem has some > point of > > > reference. > > > > > > The "unknown_ca" error and the related "unknown > > certificate" error I > > > got later with a reconfiguration were both stemming from the same > > > problem. In Windows XP when PEAP is setup, there is a box > > for stating > > > the domain of the user. When I had the domain in that box, > > I got the > > > error. By leaving the box blank, the error resolved and PEAP > > > authenticated successfully. > > > > > > I will post again when I have more information as to why > this is so. > > > > > It is probably so due to the information you entered into > > your certificates. > > It has nothing to do with freeRADIUS or your supplicant. > > > > > > > > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
