Windows 10 EAP-TTLS with client certificate

Ján Máté jan.mate at inf-it.com
Mon Jan 27 15:17:28 CET 2020


Hi Alan,

thanks for the exact answer. I decided to use EAP-TLS with the "check-eap-tls" virtual server, where I check whether the account for the given certificate is active (the certificate revocation may take more time than the account deactivation).

Everything now works as expected, there is only one minor "bug" - the server log contains:

WARNING: Outer and inner identities are the same.  User privacy is compromised.

even if there is no inner identity (it's EAP-TLS not EAP-TTLS) :-)


JM


> On 22 Jan 2020, at 03:13, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Jan 21, 2020, at 8:02 PM, Ján Máté <jan.mate at inf-it.com> wrote:
>> I successfully installed and configured our FreeRADIUS server with the following results:
>> 
>> 	EAP-TLS	=> works on Windows 10, iOS 13, macOS 10.15 (Catalina)
>> 	EAP-TTLS + PAP (LDAP auth) => works on Windows 10, iOS 13, macOS 10.15
>> 	EAP-TTLS + PAP (LDAP auth) + client cert => does NOT work on Windows 10, but works on iOS 13, macOS 10.15
> 
>  Windows doesn't do client certificates for TTLS. :(
> 
>  Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
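
The setup described in the reply at the top of this thread (EAP-TLS plus an account check in the "check-eap-tls" virtual server), sketched as an added example for the FreeRADIUS 3.x file layout; it is not the poster's configuration. Assumptions: the LDAP module instance is named `ldap`, directory entries are keyed by the certificate's subject CN, and that instance's user filter or access attribute excludes disabled accounts.

```unlang
# mods-available/eap (excerpt): run every EAP-TLS session through the
# virtual server after the certificate chain has been validated.
eap {
	tls {
		tls = tls-common
		virtual_server = check-eap-tls
	}
}

# sites-available/check-eap-tls (must also be linked into sites-enabled)
server check-eap-tls {
	authorize {
		# Assumption: the account is looked up by the certificate's
		# subject CN rather than by the identity the supplicant sent.
		update request {
			&User-Name := "%{TLS-Client-Cert-Common-Name}"
		}

		# Assumption: the "ldap" instance is configured so that a
		# deactivated account is either not found or reported as locked.
		# A locked account or an LDAP failure ends this section with the
		# module's default "return" action, so only notfound needs an
		# explicit reject here.
		ldap
		if (notfound) {
			reject
		}

		# The certificate is valid and the account is active.
		update config {
			&Auth-Type := Accept
		}
	}
}
```

With this in place a deactivated account is refused on its next authentication even if its certificate has not yet appeared in a CRL.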


