Windows radius with certificate config

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows radius with certificate config

L2 Linker

Hi there,


I am testing Radius configuration for our admin accounts using windows NPS over PEAP-MSCHAPv2. I have our local CA cert in the cert profile and configured all the required params like vendor specifi attributes,etc. When I run a test authentication profile and add my domain creds I get the message ''Response for user: "<user name>" from RADIUS server: "unable to get local issuer certificate; unknown CA" Authentication failed against RADIUS server at <server IP>:1812 for user "<user name>.

Has anyone else seen this?


L0 Member

I don't know if you've found the fix since you posted the question, but I figured my issue out. I had to not only import the Root CA and all Intermediate CA certs for my cert on my FreeRADIUS box in the certificates store on the PAN, but also had to add them to the Certificate Profile used for the RADIUS server profile. So the cert profile for the RADIUS server profile now has the cert for the client, AND all the CAs (Root and Intermediate) for the FreeRADIUS server.

I'm seeing this issue but haven't been able to get it licked. I have the certificate installed on the NPS as well as the PAN but am still getting the same error.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!