Windows XP PEAP validating identity
This really needs to be set somehow globally (on the NPS server?), as it is student (non-domain) laptops and we don't want them to have to configure anything. Is this possible?
Try to export the root certificate from NPS, or another domain-joined PC/server, and import it to the clients to see if that helps.
To find out which certificate is the root: look at the NPS certificate, go to the certification path, mark the root certificate, and choose copy to file ...
- Win 2008 R2 RADIUS server
- authenticating Win7 wireless clients (Ruckus wireless setup)
Connecting to the WLAN works fine on iPhone and any iOS device.
I choose the WLAN, enter AD username and password and get prompted to install a certificate from the RADIUS server. I am NOT prompted to install a certificate. This event is recorded in the NPS log on the W2K8 R2 RADIUS box.
Just to make sure: you've configured NPS Remote Access Policies to authenticate PCs (and iOS devices) using PEAP-MS-CHAP v2?
Hi Everyone, I just followed the steps @ is the output of radiusd -X -z

[[email protected] ~]# radiusd -X -z
Starting - reading configuration files ...
reread_config: reading
Config: including file: /etc/raddb/
Config: including file: /etc/raddb/
Config: including file: /etc/raddb/
Config: including file: /etc/raddb/
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file.

Fortunately or unfortunately, Windows doesn't just let you bypass an incorrect certificate without some hoops.
As you mentioned that you didn't want the students to have to do anything other than supply a username and password, I didn't mention installing the certificate on student machines.
and follow this procedure: jakob_di pointed out, PEAP creates an encrypted tunnel to exchange UN/PWD, otherwise the credentials would be susceptible to sniffing, which would be a security risk.
Another thing the certificate does is to establish the identity of the RADIUS server (and therefore the wireless), helping to prevent connecting to the wrong access point (for example if someone set one up with the same SSID) and then giving away credentials.