Windows cannot authenticate with Freeradius
aland at deployingradius.com
Fri Sep 1 03:55:56 CEST 2017
On Aug 31, 2017, at 2:58 PM, Matthew Pulis <mpulis at gmail.com> wrote:
> My Windows clients (Win 7 and Win 10) cannot authenticate with Freeradius
> due to this error:
> routines:ssl3_read_bytes:tlsv1 alert unknown ca
It means that you didn't put the CA certificate on the Windows machine.
Go do that, and it will work.
> I have searched a bit around and seems to be a problem with the CA
> certification of the server. Is that correct?
The CA cert is fine. The problem is that the Windows machine doesn't have a copy of it, and therefore doesn't trust FreeRADIUS when it says "my server cert is signed with this CA".
> As far as I remember last year it was working, but now that I restarted the
> project and am planning to finalise it, we are getting this error. Maybe
> something happened in Windows environment - for example some update?
Something which deleted the CA certificate.
*or* the CA certificate was only valid for 12 months, and it expired.
> I haven't touched Freeradius these past 12 months and I forgot what I did,
This isn't a FreeRADIUS problem.
Put the CA cert on the Windows machines, and they will be able to authenticate.
More information about the Freeradius-Users