Yes, when the unknown_ca problem first surfaced the Windows extensions were used in accordance with the available sources, and the CA was installed. When the "domain" item is left blank on the client, the authentication works with or without the extensions or the CA. The extensions and CA don't seem to be necessary for PEAP to work. Leaving the "domain" item blank is necessary (so far).

-atkinson

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Huckabee
> Sent: Thursday, February 10, 2005 5:30 PM
> To: [email protected]
> Subject: Re: PEAP and "fatal unknown_ca"
>
> All of you that are having this problem - do you have a server certificate on your FreeRADIUS server that has the Microsoft specific OIDs and the CA for that certificate installed on the client ?
>
> The built-in supplicant in XP will not validate that server certificate if it is missing that OID - as described in the EAP-TLS setup documentation. I'm assuming the same applies to PEAP as well.
>
> HTH,
> Craig
>
> Dudley Atkinson wrote:
>
> > The problem I experienced was with both the XP built-in client and the Cisco Aironet Utility. I haven't tried others. Maybe I will try the Secure2W.
> >
> > -atkinson
> >
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Øystein G�sdal
> >>Sent: Thursday, February 10, 2005 1:34 PM
> >>To: '[email protected]'
> >>Subject: RE: PEAP and "fatal unknown_ca"
> >>
> >>I too have experienced problems when I use the built in 802.1x client in WinXP. If I try other clients, like Secure2W, it works fine. My guess is that it is a bug in the built-in client.
> >>
> >>- Oystein
> >>
> >>-----Original Message-----
> >>From: Dan Armstrong [mailto:[EMAIL PROTECTED]
> >>Sent: 10. februar 2005 02:51
> >>To: [EMAIL PROTECTED]; [email protected]
> >>Subject: Re: PEAP and "fatal unknown_ca"
> >>
> >>Hello,
> >>
> >>I've just subscribed to the list, so pardon me if this was covered... we are using FreeRadius to authenticate PEAP over Cisco Aironets with Windows XP. We can only get it working if we tell XP to ignore the cert that comes from radius - ie uncheck that "Validate Server Certificate" box. Mac OS-X seems to work fine..
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> --
> / Craig Huckabee        | e-mail: [EMAIL PROTECTED] /
> / Code 715-CH           | phone: (843) 218 5653 /
> / SPAWAR Systems Center | close proximity: "Hey You!" /
> / Charleston, SC        | ICBM: 32.78N, 79.93W /
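
An added example, not code from this thread or from FreeRADIUS: a standard-library Python check for whether a DER-encoded server certificate carries the extended key usage that Craig's message refers to. It assumes "that OID" is the serverAuth key purpose, 1.3.6.1.5.5.7.3.1; the function names and the two sample byte strings are constructed for illustration.

```python
EKU_EXT = "2.5.29.37"              # id-ce-extKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth (assumed to be "that OID")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element in buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def decode_oid(body):
    """Decode OID content bytes to dotted form (first arc pair fits one byte here)."""
    top = min(body[0] // 40, 2)
    arcs, val = [top, body[0] - 40 * top], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def find_eku(buf, start=0, end=None):
    """Return the list of EKU OIDs, or None if the extension is absent."""
    for tag, vs, ve in children(buf, start, len(buf) if end is None else end):
        kids = list(children(buf, vs, ve)) if tag == 0x30 else []
        if kids and kids[0][0] == 0x06 and decode_oid(buf[kids[0][1]:kids[0][2]]) == EKU_EXT:
            _, ss, se = read_tlv(buf, kids[-1][1])   # extnValue wraps SEQUENCE OF OID
            return [decode_oid(buf[a:b]) for _, a, b in children(buf, ss, se)]
        found = find_eku(buf, vs, ve) if tag & 0x20 else None   # descend if constructed
        if found is not None:
            return found
    return None

def has_server_auth(der):
    """True when the EKU extension is present and lists serverAuth."""
    return SERVER_AUTH in (find_eku(der) or [])

# Constructed sample inputs: bare Extensions sequences, not real certificates.
WITH_EKU = bytes.fromhex("3015" "3013" "0603551d25" "040c" "300a" "06082b06010505070301")
WITHOUT_EKU = bytes.fromhex("300e" "300c" "0603551d13" "0405" "30030101ff")

if __name__ == "__main__":
    print(has_server_auth(WITH_EKU), has_server_auth(WITHOUT_EKU))
```

To run it against a real server certificate, pass the DER bytes of the file to `has_server_auth`; a PEM file can be converted first with `openssl x509 -outform DER`.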

