config on client follows exactly what the howto reccomends with the 1 change of checking "authenticate as computer when computer information is available". Which as you can see does attempt to auth.
The cert options are set as in this picture: http://wiki.freeradius.org/Image:100000000000017F000001D2C7856F9F.png I just reread this section here on the howto "Certificate validation is strongly recommended for wireless configurations, and optional for wired deployments. Select « Validate server certificate » and check ONLY the CA for your FreeRADIUS server (the one you installed above). Also select « Connect to these servers » and enter the Common Name of the server certificate. If you are configuring a wired ethernet interface, you can leave certificate verification off in your supplicants: just deselect « Validate server certificate ». Either way, select « EAP-MSCHAP v2 » as authentication method. Click the « Configure » button next." So I will enable cert validation retry and post back. Cheers for the info /tip :) On 7/6/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi, > > > This url here looks like what I need > > http://support.novell.com/docs/Tids/Solutions/10100693.html but their > > instructions are pretty lousy "For machine-based authentication or > > user based authentication, modify the RADIUSD.CONF file by adding the > > following lines:" doesnt say where or what section to add said lines > > to and we all know how touchy the radiusd.conf file is. > > those parts can go pretty much anywhere in the main config file - eg > stick them at the end of the file. > > from what I can see of the log the NTLM is working fine - the NTKEY > reply matched and its all okay. which leaves me to assume that a > config on the client isnt correct - is the machine configured to validate > the RADIUS server and does it have the correct 'tick' for the certificate > and host name for the server to validate? > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html