Hi, > to these servers" client field, just enter the 'common name' entered on > the certificate? I wonder if a wildcard cert would work for this. As in > *.myorg.ca, then entering *.myorg.ca for client servers field. Just asking > because I have one of those.
depends on supplicant - some understand wildcards...some just need the domain name to be specified > In the README file there is this warning: > > "You will have to ensure that the certificate contains the XP > extensions needed by Microsoft clients." > > But I can't find any further information about it. How do I ensure my > certificate has these extensions? Would a CA signed cert have this? check the FreeRADIUS certificate makefile - you can see the xpextensions file and the required attributes. you can use the openssl tool to view the certificate in text mode - whethr the CA will sign it - you may have to request this functionality alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
