I saw that but wasn't sure if it was a general problem or a FreeRadius 
specific problem. Has anyone else had to obtain a "special" certificate 
to make Windows WPA work? I have a feeling I'm going to get a blank 
stare if I ask for that ;)

-Mike

On 04/02/2010 12:12 PM, Bruce Hudson wrote:
>> Slightly off topic, but I'm trying to configure FreeRadius V2 to work
>> with the Cisco Wireless Lan Controllers using WPA2. I'm running into
>> trouble with Windows clients. If I configure them NOT to verify the
>> certificate from the Radius Server, it connects. As soon as I configure
>> the "Verify Certificate" option, it fails. The Diagnostic seems to
>> indicate that it doesn't trust the certificate from the Radius Server,
>> which is a CA signed Verisign cert. A Mac client presents the
>> certificate on login, and I can either accept it or not. Windows isn't
>> doing that, it just fails.
>
>      The README file in FreeRadius certs directory includes the following
> statement:
>
> 	    The Microsoft "XP Extensions" will be automatically
> 	included in the server certificate.  Without those
> 	extensions Windows clients will refuse to authenticate
> 	to FreeRADIUS.
>
> I would guess that the certificate you got from Verisign does not include
> the extensions. If you figure out how to get them, please let me know.
> Dealing through our local certificate maintainer, I never could get an
> answer (or clear indication they knew what I was asking for).
> --
> Bruce A. Hudson				| [log in to unmask]
> ITS, Networks and Systems		|
> Dalhousie University			|
> Halifax, Nova Scotia, Canada		| (902) 494-3405