<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The certificates that were generated when the server was installed (on FreeRadius). On the LDAP is a publically signed cert. Its funny because the Mac and
Iphone clients connect they accept the cert but the Win 8.1 client does not seem to. Since I am using TTLS I assumed that I did not need to copy a cert to the client. I have read in some places that the CA cert needs to be copied. I did copy the cert (ca.pem)
from /etc/freeradius/certs and imported it into the Trusted Root Certification Authorities but did not see it show up. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As far as client config goes I think I got all the options:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">WPA2-Enterprise<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Security Tab - -> EAP-TTLS as connection method<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Settings button
</span><span style="font-size:11.0pt;font-family:Wingdings;color:#1F497D">à</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> Disable Identity Privacy and Select PAP as “non-EAP method for authentication” (which says unencrypted
password (PAP)).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Alex<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> freeradius-users-bounces+alex=c2company.com@lists.freeradius.org [mailto:freeradius-users-bounces+alex=c2company.com@lists.freeradius.org]
<b>On Behalf Of </b>Tomasz Karczewski<br>
<b>Sent:</b> Thursday, August 14, 2014 1:32 PM<br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> Re: Secrets to getting Windows 8.1 to connect to PEAP-TTLS and PAP<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Verdana","sans-serif";color:#274E13">What kind of certificate do you have ?<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">2014-08-14 21:46 GMT+02:00 <<a href="mailto:A.L.M.Buxey@lboro.ac.uk" target="_blank">A.L.M.Buxey@lboro.ac.uk</a>>:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
> Are there any secrets to getting Win 8.1 client to connect with TTLS and PAP? I have done all of the custom settings in the network config but the server is just ignoring those settings and choosing to try TLS with certs even though I have TTLS selected
client side. As of 8.1 is this supposed to work natively inside the OS? Are there any tips to getting it to work? My Mac clients connect fine with a profile created and pushed.<br>
><o:p></o:p></p>
</div>
<p class="MsoNormal">Windows 8 made TTLS native - you really just need to ensure ALL the bits in the supplicant are<br>
configured - go to the advanced settings and ensure the system is using 'user authentication' etc<br>
<br>
i hope they (MS) fixed the EAP-TTLS/MS-CHAPv2 bug by now - EAP-TTLS/EAP-MSCHAPv2 worked fine :-)<br>
<br>
alan<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">
http://www.freeradius.org/list/users.html</a><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<br>
-- <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Pozdrawiam<br>
Tomasz Karczewski<br>
--------------------------------------------------------<br>
<a href="http://www.facebook.com/puzzelbeats" target="_blank">Facebook</a><br>
<a href="http://soundcloud.com/puzzel" target="_blank">SoundCloud</a><br>
<a href="http://www.youtube.com/user/puzzelmusic" target="_blank">YouTube</a><o:p></o:p></p>
</div>
</div>
</div>
</div>
</body>
</html>