Cisco EAP-TLS w/Win2003 CA server

Discussion in 'Cisco' started by mmainer, Feb 16, 2005.

    I'm having a hell of a time getting EAP-TLS working with a Microsoft
    CA issuing the Certs. I have PEAP working with no problems in the same
    environment (laptop WinXP, switch port Cisco Cat 4003, Cisco ACS Server
    3.2.3 and username Win2003 AD). I'm thinking that it has to do with
    how the CA server is issuing the User Cert and what AD is looking for
    from the Cert to authenticate it with a user. What I see from my client
    when trying to use EAP-TLS is "Attempting to authenticate"; it never
    fails or passes. I never see anything in the ACS logs that says Pass
    or Fail.

    Anyone else have this problem? I'm sure that I'm missing some very
    simple step or check box somewhere, but it's driving me crazy and I
    need some help.

    BTW, I have tried Cisco Test Certs from the following URL and
    wouldn't you know it works, so I know the environment is correct. Like
    I said, I think it is the Cert but I'm not sure how to fix it.
    mmainer, Feb 16, 2005

    We had a lab setup to compare various RADIUS solutions and discovered that
    this setup works best for us using FreeRADIUS on Linux.

    We created the certs using openssl; the only caveat is to add the proper
    usage in openssl.conf.
    Even the replication of certificates across various servers works like a

    Hope that helps.

    Albert Bank, Feb 22, 2005
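
As an added example (not code from either poster), here is one way the "proper usage" mentioned above can be written for openssl: the extension sections set extendedKeyUsage for the client and server certificates, and `openssl verify -purpose sslclient` then shows which certificate passes the client-authentication check. The section names, file names, CA name and UPN value are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: every name, path and the UPN below is a constructed placeholder.
set -eu
WORK=$(mktemp -d)

cat > "$WORK/eap.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ eap_client ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
# Client Authentication EKU (1.3.6.1.5.5.7.3.2) for the supplicant's certificate
extendedKeyUsage = clientAuth
# UPN otherName (placeholder value): a common way to tie a cert to a directory user
subjectAltName = otherName:1.3.6.1.4.1.311.20.2.3;UTF8:user@example.test
[ eap_server ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
# Server Authentication EKU (1.3.6.1.5.5.7.3.1) for the RADIUS server's certificate
extendedKeyUsage = serverAuth
EOF

# Self-signed lab CA.
openssl req -x509 -newkey rsa:2048 -nodes -config "$WORK/eap.cnf" -extensions v3_ca \
  -subj "/CN=Constructed Lab CA" -days 30 \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null

issue() {  # $1 = extension section, $2 = certificate name
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/eap.cnf" -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/eap.cnf" -extensions "$1" \
    -out "$WORK/$2.crt" 2>/dev/null
}

check_client() {  # true only if $1 chains to the lab CA and is valid for TLS client auth
  openssl verify -purpose sslclient -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

issue eap_client user
issue eap_server radius
for c in user radius; do
  if check_client "$WORK/$c.crt"; then echo "$c.crt: usable as an EAP-TLS client cert"
  else echo "$c.crt: rejected for client authentication"; fi
done
```

The generated files stay in the temporary directory so the certificates can be inspected with `openssl x509 -noout -text`.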
