Am 05.04.2011 07:31, schrieb Stefan Winter:
Hi,
The solution to the problem is simple. The answer is in front of
you.
Alan DeKok.
Looks like i'm blind...please give me a hint ;-)
Dude... supplicants are typically configured to trust only the exact one
certificate that is in the RADIUS Server (CN=... is in the supplicant
conf). If you change the Subject in the cert... the supplicant won't
like it any more.
Stefan
OK, once again; i have cloned a radius-server vm, the new radius-server
has a new DNS-Entry, IP and a new certificate. The wlan-ssid is
different from that one wich is used by the original radius.
I checked both certificates, they match the requirements given by
microsoft. The certificates are both singed by same CA, with same O,OU,
hash-algorithm, key strength... CN is logically different and is set to
host and dns name (are the same) from the new radius, like:
CN=new-radius.mydomain.mycountry
The complete certification path is installed on the client. The client
don't have an extra client certificate, server certificate check is
turned off in wireless settings.
A cisco wireless controller is used for both SSIDs.
Original radius works fine, with both SSIDs, new radius does not.
So what's wrong?
Juergen
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
