FreeRADIUS 3 certificate issue on some Windows clients

Stefan Winter stefan.winter at restena.lu
Mon Apr 4 19:09:23 CEST 2016


Hi,

> least the ca.der is present on the computer for PEAP and TTLS. However when 
> any of theese certificates are not present on the Windows 10 machine and try
> to connect through  the network menu in the bottom right corner the 
> connection is successfully created after entering login credentials.  It 
> seems like it's bypassing the ca.der certificate somehow. I have the same 
> problem  with windows phone 7.X devices. Is there a way how to prevent this 
> behaviour? The server shouldn't allow the connection, am I right? 

It's not the server's problem: the client decides that it doesn't care
about the server certificate. It just accepts whatever the server sends.

Weird and extremely insecure by design? Yes! Talk to Microsoft if you
want this changed...

Greetings,

Stefan Winter
>
>
>
>
> here is the output od radiusd -X with example login through windows phone 7 
> device. It's a .txt file on my google drive. Thank you
>
>
>
>
> https://drive.google.com/file/d/0B9T3_pXPBXRnZklXRjJDcmVHek0/view?usp=
> sharing
> (https://drive.google.com/file/d/0B9T3_pXPBXRnZklXRjJDcmVHek0/view?usp=sharing)
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160404/44e5f249/attachment.sig>


More information about the Freeradius-Users mailing list