On 01/03/2011 11:09 AM, Alexandros Gougousoudis wrote:
Alan DeKok schrieb:
See if your certificate has expired.
Nope, that was the first I've checked. Server and client-cert are still
valid. It seems, that no XP client (even some old SP2 clients) can logon
anymore, Ubuntu can.
Is there some possibility to force a "Login OK" as a Default-Action in
the "users"-file? That could take out the pressure here.
No. EAP must complete successfully - it is a challenge/response. You
can't just skip to the end of the "response".
To be clear, all windows clients fail? But other clients succeed?
It is possible a windows update has removed the intermediate certificate
from the client(s). IIRC Microsoft have done this in the past, expecting
the intermediate CA to be provided during TLS negotiation. In this case,
you need to have the correct CA (chain) at the FreeRadius side. Have you
got this configured correctly?
It won't help running such an old version of FreeRadius.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
