FreeRADIUS 3 certificate issue on some Windows clients

[Tomáš Ivánek]

I'm running FreeRADIUS 3.0.11 with OpenSSL 1.0.2g. I have successfully 
configured EAP TLS, TTLS and PEAP methods. Now the issue...when I'm 
configuring clients with Windows 7, Vista or XP and certificates are not yet
installed (ca.der and optionally client.p12) and try to connect to the 
network through the bottom right network icon a bubble popup shows up 
telling me that I need to installl the certificates. The connection can't be
established, which is how it should behave. When i configure the connection 
manually, import the certs, all the methods mentioned above works well. The 
manual configuration also work well on Windows 10 and can't connect until at
least the ca.der is present on the computer for PEAP and TTLS. However when 
any of theese certificates are not present on the Windows 10 machine and try
to connect through  the network menu in the bottom right corner the 
connection is successfully created after entering login credentials.  It 
seems like it's bypassing the ca.der certificate somehow. I have the same 
problem  with windows phone 7.X devices. Is there a way how to prevent this 
behaviour? The server shouldn't allow the connection, am I right? 




here is the output od radiusd -X with example login through windows phone 7 
device. It's a .txt file on my google drive. Thank you




https://drive.google.com/file/d/0B9T3_pXPBXRnZklXRjJDcmVHek0/view?usp=
sharing
(https://drive.google.com/file/d/0B9T3_pXPBXRnZklXRjJDcmVHek0/view?usp=sharing)