Windows xp peap validating identity Sexrandomchat omline
It's not a recommended configuration to have a external root CA sign your RADIUS server's certificate.
This is from the Free RADIUS documentation but I expect it is equal valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.
Finally, to trust the certificate chain offered by the NPS server, the wireless client must have the root CA certificate of the issuing CA of the NPS server certificate installed in its Trusted Root Certification Authorities Local Computer store.
rad_recv: Access-Request packet from host 10.10.0.248, id=0, length=123 User-Name = "scott" NAS-IP-Address = 10.10.0.201 Called-Station-Id = "001d7e2fa43c" Calling-Station-Id = "0014a4439321" NAS-Identifier = "001d7e2fa43c" NAS-Port = 49 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a0173636f7474 Message-Authenticator = 0xc091f4c08c545d39e360712a422185d2 Processing the authorize section of modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "scott", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "scott" rlm_realm: Proxying request from user scott to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Preparing to proxy authentication request to realm "NULL" modcall[authorize]: module "suffix" returns updated for request 0 rlm_eap: Request is supposed to be proxied to Realm NULL.
modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 157 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0.
The Windows wireless client does not use these values.
For the wireless client to validate the certificate of the NPS server, the following must be true for each certificate in the certificate chain sent by the NPS server: Additionally, the NPS server computer certificate must have the Server Authentication EKU (object identifier [OID] 220.127.116.11.18.104.22.168.1).
These machines belong to the end users so we can't easily control settings with group policy or registry hacks.