I'm trying to configure a Mikrotik metal access point for radius client authentication against a windows 2008 R2 server. The AP is talking to the radius server and I can see that the right certificate is being sent. I have two issues.

1) If I actually check the certificate validity, windows always sends an access-reject. I have some issue with either policies or certificate generation. This one I am working on.

2) To test the wireless portion at least, I set the windows radius server to not check the validity of certificates and just assume they are valid. This gets me my access-accept message back to the mikrotik but the mikrotik still de-auths the client and disconnects. any suggestions as to why it would be doing that? I have re-created the shared secret between windows and the mikrotik just to make sure I didn't have a typo in that. No change.

Basically, I get my Access-Accept message followed by a signature and some radius attributes and then I get the 8c:70:..@wlan1-gateway:disconnected, 802.1x authentication failed.

I'm not sure what to try next. It is version 5.25 routerOS on a Metal 2SHPn

Thanks

Craig

Thanks for any suggestions.