On 22 April 2017 21:26:04 BST, Rob Rutledge <robertrutledge2005@charter.net> wrote:
I have had Freeradius up and running successfully since February. I set up a Windows 10 wireless client to authenticate to it along with an iPhone 6.
That's good.
For some reason the Windows 10 client quit working last week. (The iPhone is still working fine although I see in the debugs it is using TLS1.0)
I would have preferred​ to be back at exactly the same setup you had then, and look at the debug log, rather than change some stuff which now means you might have more broken things. But that's probably not possible now... The real question should be - what changed that stopped it working?
I assumed it was a problem with the certificates expiring, but creating new ones has not helped. Therefore I went back to the originals. I was not able to get the client.p12 certificate installed so instead I use WPAV2 and I did not specify the username/password in my AP. Therefore the authentication process would let me enter the username/password combination and then have me accept the certificate which I only had to configure once. Then it stopped working and I cannot even get past the username/password combination now.
(5) eap_peap: ERROR: TLS Alert read:fatal:access denied
Looks like it might be windows not trusting the server CA. Is the CA cert installed correctly in windows? If it authenticates with CA cert verification disabled, then this is certainly the problem. But don't do that in normal operation as it's not secure. -- Matthew