Secrets to getting Windows 8.1 to connect to PEAP-TTLS and PAP

Alex Gregory alex at c2company.com
Thu Aug 14 22:53:28 CEST 2014


The certificates that were generated when the server was installed (on FreeRadius).  On the LDAP is a publically signed cert.  Its funny because the Mac and Iphone clients connect they accept the cert but the Win 8.1 client does not seem to.  Since I am using TTLS I assumed that I did not need to copy a cert to the client.  I have read in some places that the CA cert needs to be copied.  I did copy the cert (ca.pem) from /etc/freeradius/certs and imported it into the Trusted Root Certification Authorities but did not see it show up.

As far as client config goes I think I got all the options:

WPA2-Enterprise
Security Tab - -> EAP-TTLS as connection method
Settings button --> Disable Identity Privacy and Select PAP as “non-EAP method for authentication” (which says unencrypted password (PAP)).

Thanks,

Alex



From: freeradius-users-bounces+alex=c2company.com at lists.freeradius.org [mailto:freeradius-users-bounces+alex=c2company.com at lists.freeradius.org] On Behalf Of Tomasz Karczewski
Sent: Thursday, August 14, 2014 1:32 PM
To: FreeRadius users mailing list
Subject: Re: Secrets to getting Windows 8.1 to connect to PEAP-TTLS and PAP

What kind of certificate do you have ?

2014-08-14 21:46 GMT+02:00 <A.L.M.Buxey at lboro.ac.uk<mailto:A.L.M.Buxey at lboro.ac.uk>>:
Hi,

> Are there any secrets to getting Win 8.1 client to connect with TTLS and PAP?  I have done all of the custom settings in the network config but the server is just ignoring those settings and choosing to try TLS with certs even though I have TTLS selected client side.  As of 8.1 is this supposed to work natively inside the OS?  Are there any tips to getting it to work?  My Mac clients connect fine with a profile created and pushed.
>
Windows 8 made TTLS native - you really just need to ensure ALL the bits in the supplicant are
configured - go to the advanced settings and ensure the system is using 'user authentication' etc

i hope they (MS) fixed the EAP-TTLS/MS-CHAPv2 bug by now - EAP-TTLS/EAP-MSCHAPv2 worked fine  :-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Pozdrawiam
Tomasz Karczewski
--------------------------------------------------------
Facebook<http://www.facebook.com/puzzelbeats>
SoundCloud<http://soundcloud.com/puzzel>
YouTube<http://www.youtube.com/user/puzzelmusic>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140814/a1f1975f/attachment.html>


More information about the Freeradius-Users mailing list