Secrets to getting Windows 8.1 to connect to PEAP-TTLS and PAP

Alex Gregory alex at
Thu Aug 14 22:53:28 CEST 2014

The certificates that were generated when the server was installed (on FreeRadius).  On the LDAP is a publically signed cert.  Its funny because the Mac and Iphone clients connect they accept the cert but the Win 8.1 client does not seem to.  Since I am using TTLS I assumed that I did not need to copy a cert to the client.  I have read in some places that the CA cert needs to be copied.  I did copy the cert (ca.pem) from /etc/freeradius/certs and imported it into the Trusted Root Certification Authorities but did not see it show up.

As far as client config goes I think I got all the options:

Security Tab - -> EAP-TTLS as connection method
Settings button --> Disable Identity Privacy and Select PAP as “non-EAP method for authentication” (which says unencrypted password (PAP)).



From: at [ at] On Behalf Of Tomasz Karczewski
Sent: Thursday, August 14, 2014 1:32 PM
To: FreeRadius users mailing list
Subject: Re: Secrets to getting Windows 8.1 to connect to PEAP-TTLS and PAP

What kind of certificate do you have ?

2014-08-14 21:46 GMT+02:00 <A.L.M.Buxey at<mailto:A.L.M.Buxey at>>:

> Are there any secrets to getting Win 8.1 client to connect with TTLS and PAP?  I have done all of the custom settings in the network config but the server is just ignoring those settings and choosing to try TLS with certs even though I have TTLS selected client side.  As of 8.1 is this supposed to work natively inside the OS?  Are there any tips to getting it to work?  My Mac clients connect fine with a profile created and pushed.
Windows 8 made TTLS native - you really just need to ensure ALL the bits in the supplicant are
configured - go to the advanced settings and ensure the system is using 'user authentication' etc

i hope they (MS) fixed the EAP-TTLS/MS-CHAPv2 bug by now - EAP-TTLS/EAP-MSCHAPv2 worked fine  :-)

List info/subscribe/unsubscribe? See

Tomasz Karczewski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list