FreeRadius with EAP-TLS on windows 7, certs installed but not sent out.

luckydog xf luckydogxf at
Fri Dec 14 06:24:03 CET 2018

Try lots of time and make below conclusion for anyone who may run into the
same situation reference.

1.  NO traffic on Supplicant( win7) and NAS( AC/AP) UNLESS you setup eap
correctly. That's expected. The first packet is DHCP request until you pass
2. Windows is nnlike Linux, it requires a combination of cert and private
key, usually it's a p12 or pfx,  That's the root cause of my problem.
3.  {cadir}/certs is a great place and has tools generating certs that
requires by windows. Don't  ever try to use openssl CLI on your own,
Freeradius's is good enough.
4.  Extended Key Usage of cert for windows 7/10  is a must, and when you
enable mutul authentication, make sure you install CA on *Trusted Root
Certification Authorities store and select it.*


5. eapol_test is a good supplicant to test eap-tls.etc, pretty easy to

That's all.

On Thu, Dec 13, 2018 at 11:52 AM luckydog xf <luckydogxf at> wrote:

> Sorry, I mean no offense, I just want to get problme solved.
> I used eap-peap-mschapv2 to prove  that it has something to do with setup.
> Using eap-peap-mschapv2, before it's * successful *, nothing was send out
> through wireless NIC, either.  The first packet is DHCP reqeust once it
> passes eap-peap-mschapv2 auth.
> And it has nothing to do with firewall of windows7.
> So I'm here to seek any adivce.  Apologize  if I did anythig wrong.
> On Wed, Dec 12, 2018 at 8:10 PM Alan DeKok <aland at>
> wrote:
>> On Dec 12, 2018, at 7:00 AM, luckydog xf <luckydogxf at> wrote:
>> >
>> > :)
>> > So anything wrong with my setup?  Or anything that I missed out.
>>   It's not a RADIUS problem.  You were told this.  We don't do Windows
>> technical support here.
>>   Stop asking non-RADIUS questions on the FreeRADIUS list.
>>   Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list