Windows radius with certificate config

Reply
Highlighted
L1 Bithead

Windows radius with certificate config

Hi there,

 

I am testing Radius configuration for our admin accounts using windows NPS over PEAP-MSCHAPv2. I have our local CA cert in the cert profile and configured all the required params like vendor specifi attributes,etc. When I run a test authentication profile and add my domain creds I get the message ''Response for user: "<user name>" from RADIUS server: "unable to get local issuer certificate; unknown CA" Authentication failed against RADIUS server at <server IP>:1812 for user "<user name>.

Has anyone else seen this?

Highlighted
L0 Member

Re: Windows radius with certificate config

I don't know if you've found the fix since you posted the question, but I figured my issue out. I had to not only import the Root CA and all Intermediate CA certs for my cert on my FreeRADIUS box in the certificates store on the PAN, but also had to add them to the Certificate Profile used for the RADIUS server profile. So the cert profile for the RADIUS server profile now has the cert for the client, AND all the CAs (Root and Intermediate) for the FreeRADIUS server.

Highlighted
L0 Member

Re: Windows radius with certificate config

I'm seeing this issue but haven't been able to get it licked. I have the certificate installed on the NPS as well as the PAN but am still getting the same error.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!