I have a problem with Certificate Logins on my Radius Server.
Service Pack 1
Service Pack 1
Authentificates with computer, or user certificate
The CA is in all certificate-stores of the Client and the Server, except
the untrusted store.
If I turn on the Client, with an valid computer certificate, I get the
following error message on the IAS-System Log:
User XXXX@XXXXX.COM was denied access.
Fully-Qualified-User-Name = fhe.intern/Users/Benutzer
NAS-IP-Address = 192.168.201.73
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 00-0C-6E-6D-66-5A
Client-Friendly-Name = FH07D3
Client-IP-Address = 192.168.201.73
NAS-Port-Type = Ethernet
NAS-Port = 313
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Cert-login
Authentication-Type = EAP
EAP-Type = Smart Card or other certificate
Reason-Code = 295
Reason = A certification chain processed correctly, but one of the CA
certificates is not trusted by the policy provider.
But the funny thing is, when I turn on the PEAP-Authentification, I
don't get any problem.
I also tried to re-request a new certificate for the client and the
Server and it did'nt help.
I use Certificates to authentificate, because Microsoft is unable to
make a Group Policy for the 802.1x Authentification, i would like to use
PEAP for all my clients but I don't like doing the same thing around 500
Thanks for your help
Bjoern A. Hoefer