Sudden User Authentication Rejection as a result Compatibility - error

A.L.M.Buxey at A.L.M.Buxey at
Mon Feb 23 13:30:28 CET 2015


> come to light in a big way this morning), "nothing changed
> anywhere", it had been working fine for years and the issue affects
> machines with Win7 and higher.  Phones, Macs etc. all authenticate
> just fine.
> I haven't progressed much further down the troubleshooting path, so
> don't have much concrete to suggest, but if it is a similar problem,
> the server is not at fault and it is a client issue as others have
> already suggested.
> I'm about to embark on debugging in the depths of the Windows 802.1x
> client; if I do find anything I'll post here for the sake of the
> archives.

as already emntioned, there have been windows updates that have gone out recently
that have caused many a mischief. we've not been affected (probably because we
have our own CA for this...) - I suspect a certificate CA update on the clients
which has meant the root CA or an intermediate are no longer known or trusted
correctly.  if the RADIUS server pushed out it cert and ALL the chain, then local
intermediates SHOULDNT be an issue...but if the root is no longer correctly
known then that would be ka-blam!

easiest way to finger this...find/identify a troublesome client, visit said machine,
delete the eduroam connection profile/details and reconnect - see what it says about
the RADIUS cert/trust.


More information about the Freeradius-Users mailing list