mschap configuration problem
Piviul
piviul at riminilug.it
Tue Jul 14 17:00:55 CEST 2020
Alan DeKok ha scritto il 14/07/20 alle 16:17:
> On Jul 14, 2020, at 8:53 AM, Piviul <piviul at riminilug.it> wrote:
>>
>>> (30) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0048] (30) eap_peap: >>> send TLS 1.0 Alert [length 0002], fatal handshake_failure (30) eap_peap: ERROR: TLS Alert
>
> Windows is doing TLS 1.3. There is no standard yet for EAP with TLS 1.3
>
> Edit mods-available/eap, and set:
>
> tls_max_version = "1.2"
but win 10 can connect... any way I have uncommented the option but
nothing changed
>> and on the win7 client:
>>>
>>> (14) eap_peap: <<< recv TLS 1.2 [length 0002] (14) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
>
> You didn't put the root CA onto the Windows machine.
no, I did it; I have installed the ca.der putting it in the Trusted Root
CA. Furthermore on the connection I have selected to validate server
certificate and selected the certificate imported in the trusted root ca.
And are the same settings I've set in win10...
Piviul
More information about the Freeradius-Users
mailing list