They are, it's part of our default domain policy.

On Tue, Aug 9, 2011 at 20:29, Sallee, Stephen (Jake) <[email protected]> wrote:

> > Windows clients are on the domain, so the user cert and the CA are
> > added by default when you join the machine to the domain
>
> That is true so long as you are using a self-signed cert assigned by your
> enterprise CA. We had this same issue and we had to manually import the
> cert to get it to work. Our computers are on a Windows AD Domain. Hope
> that helps.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> 900 College St.
> Belton, Texas
> 76513
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org
> [mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org]
> On Behalf Of Petar Marinkovic
> Sent: Tuesday, August 09, 2011 12:17 PM
> To: FreeRadius users mailing list
> Subject: Re: Validate server certificate problem
>
> Windows clients are on the domain, so the user cert and the CA are added by
> default when you join the machine to the domain
>
> On Tue, Aug 9, 2011 at 18:29, Sallee, Stephen (Jake) <[email protected]> wrote:
>
> I believe you need to install the server cert and any intermediate certs on
> the client before the validate server cert option will work.
>
> From: freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org
> [mailto:freeradius-users-bounces+jake.sallee=umhb....@lists.freeradius.org]
> On Behalf Of Petar Marinkovic
> Sent: Tuesday, August 09, 2011 11:16 AM
> To: [email protected]
> Subject: Validate server certificate problem
>
> I've set up latest version of FreeRadius from source on Ubuntu, and I
> cannot get EAP-TLS and PEAP to work when the option "Validate server
> certificate" is on. We're using Windows CA to be able to auth users on the
> domain. I saw this old article
> http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-October/msg00515.html
> on how to generate server certificate, but that fails for me in both ways
>
> 1st fails because of a missing template on Windows CA - how to create the
> template to match what freeradius needs?
>
> 2nd fails with the following error CA certificate and CA private key do not
> match
>
> 2634:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:406:
>
> That's strange, cause CA cert and CA private key are in the same file (as
> noted in the text) and I didn't mistake the password (since I followed the
> message blindly, with the same password).
>
> When I untick the "Validate server certificate" in Windows clients (XP,
> Windows 7) I'm able to connect with both EAP-TLS and PEAP
>
> Any help is appreciated, thanks in advance.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
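
The "key values mismatch" error quoted in the original post can be checked outside FreeRADIUS by comparing the public key in the certificate with the public half of the private key. The script below is an added example, not part of the thread or of FreeRADIUS; the file names, subject name and passphrase are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does the certificate in a PEM file belong to the private key?
# Paths, subject name and passphrase below are constructed for the demo.

# SHA-256 of the public key inside the first certificate in file $1.
cert_pub_digest() {
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public half of the private key in file $1 (passphrase $2).
# Fails instead of hashing empty input when the key cannot be decrypted.
key_pub_digest() {
    pem=$(openssl pkey -in "$1" -passin "pass:$2" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit status: 0 = match, 1 = mismatch, 2 = unreadable cert/key or bad passphrase.
cert_matches_key() {
    c=$(cert_pub_digest "$1") || return 2
    k=$(key_pub_digest "$2" "$3") || return 2
    [ "$c" = "$k" ]
}

# Build constructed sample files in directory $1: a combined PEM whose key
# belongs to the certificate, and one where an unrelated key was pasted in.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" -passout pass:example 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    cat "$1/ca.crt" "$1/ca.key" > "$1/good.pem"
    cat "$1/ca.crt" "$1/other.key" > "$1/bad.pem"
}

dir=$(mktemp -d) && make_samples "$dir"
for f in good.pem bad.pem; do
    rc=0
    cert_matches_key "$dir/$f" "$dir/$f" example || rc=$?
    echo "$f: status $rc"
done
```

A status of 1 on a combined file means the certificate and key blocks in it come from different key pairs, even though they sit in the same file and the passphrase is correct.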

