Hello, I wonder if anyone else has come across this already... Google is not very helpful here.
We're setting up a VPN Server (strongswan) with Windows 7 in IKEv2 mode. The client side is supposed to authenticate with PEAP(*) to FreeRADIUS. That works pretty well, but on the first PEAP connection to the server, there's a big fat warning on the Win 7 UI: "You're connecting to a server which is not a valid NPS Server for this domain. You are strongly discouraged from continuing... bla..." If you click Connect, *everything works*. Now I'm wondering what needs to be done to make that useless warning go away... Maybe the FreeRADIUS server certificate needs yet another Extended Key Usage or so? I didn't really find helpful documentation. I wonder why it's Win 7's business anyway: of course the other end is not a NPS server. It's FreeRADIUS. But why would an EAP client consider it its own business to warn about a vendor discrepancy on the RADIUS far end? Greetings, Stefan Winter (*) If you just select EAP-MSCHAPv2 (no inner tunnel), the end result at the FR side is a crippled User-Name (which makes it impossible to auth users). Whether it's Win 7 or the strongswan EAP -> RADIUS conversion that gets it wrong, I don't know. -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html