EAP-TTLS works for MacOS supplicants but not Win10
Evan Sharp
evan.sharp at coastmountainacademy.ca
Wed Sep 16 00:49:30 CEST 2020
Hi Alan,
Thanks for the quick reply!
> The CA cert used by FreeRADIUS isn't configured on the Windows machine.
Does that cert come pre-configured in MacOS and ChromeOS? These are BYOD
computers so I haven't touched them, but all the Mac clients have been
plug-and-play.
Evan
On Tue, Sep 15, 2020 at 2:12 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Sep 15, 2020, at 4:42 PM, Evan Sharp <
> evan.sharp at coastmountainacademy.ca> wrote:\
> > This is my first message so please advise me of any participation gafs.
>
> http://wiki.freeradius.org/list-help
>
> > I have a working 801.2x wifi termination with Aruba APs binding Google
> LDAP
> > users via FreeRADIUS 3.0.21 using EAP-TTLS. It is only successful with
> > MacOS supplicants though. When I start debugging Windows 10 clients, the
> > connection fails somewhere.
> >
> > Comparing debug outputs, the win10 exchange just seems to stop, with no
> > errors thrown, where the mac flow otherwise continues.
>
> "it just stops".
>
> 99% of the time it's a certificate issue. The CA cert used by
> FreeRADIUS isn't configured on the Windows machine.
>
> > Although the users for testing are different, there is no explicit
> > Auth-reject to tell me that's the issue.
>
> Because FreeRADIUS isn't rejecting the user. Instead, the Windows
> system is refusing to talk to FreeRADIUS.
>
> Configure the certificates, etc. on Windows, and it will work. There
> are EAP-TLS guides on the FreeRADIUS Wiki. They contain information about
> Windows, and the certificate configuration is largely the same as for
> EAP-TTLS.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list