FW: EAP authentication with Windows 10
Matthew Newton
matthew at newtoncomputing.co.uk
Sat Apr 22 22:51:59 CEST 2017
On 22 April 2017 21:26:04 BST, Rob Rutledge <robertrutledge2005 at charter.net> wrote:
>I have had Freeradius up and running successfully since February. I
>set up
>a Windows 10 wireless client to authenticate to it along with an iPhone
>6.
That's good.
>For some reason the Windows 10 client quit working last week. (The
>iPhone
>is still working fine although I see in the debugs it is using TLS1.0)
I would have preferred​ to be back at exactly the same setup you had then, and look at the debug log, rather than change some stuff which now means you might have more broken things. But that's probably not possible now...
The real question should be - what changed that stopped it working?
> I
>assumed it was a problem with the certificates expiring, but creating
>new
>ones has not helped. Therefore I went back to the originals. I was
>not
>able to get the client.p12 certificate installed so instead I use WPAV2
>and
>I did not specify the username/password in my AP. Therefore the
>authentication process would let me enter the username/password
>combination
>and then have me accept the certificate which I only had to configure
>once.
>Then it stopped working and I cannot even get past the
>username/password
>combination now.
>(5) eap_peap: ERROR: TLS Alert read:fatal:access denied
Looks like it might be windows not trusting the server CA. Is the CA cert installed correctly in windows?
If it authenticates with CA cert verification disabled, then this is certainly the problem. But don't do that in normal operation as it's not secure.
--
Matthew
More information about the Freeradius-Users
mailing list