Cannot connect to Win10 PC with client certificate (no connection possible)

[Alan DeKok]

On Jan 16, 2020, at 9:05 AM, uj2.hahn at posteo.de wrote:
> 
> Hi!
> I think I got it to work!!

  That's good.  For the benefit of others reading this, what was wrong?

> To refresh the memory: Radius based WLAN access control in a school for students and teachers. But there
> are some school-owned Win 10 tablets which should be able to login automatically via Radius client certificates.
> It seems it is working now! Thanks for your great support!

  Good to hear.

> Can you guys do me the favor to confirm that everything is going right with the certs (see debug file below)?

  If there's an Access-Accept and the system gets on WiFi, it's OK.  Nothing else matters.

> Once you confirm, then I have a new question:
> We use a Captive Portal connected to the freeradius server. This is fine to let user accept terms and conditions etc.
> But for the special user behind the client certificate ("RadiusClient") we don't want to see this Captive Portal web site.
> Is there anything freeradius can do or is it purely a CP configuration thing?

  You need to bypass the captive portal completely.  It has nothing to do with FreeRADIUS.

  Typically you have a "closed" SSID which requires EAP / certificates.  Then, you have an "open" SSID which is controlled by the captive portal.  You can't mix & match EAP and captive portals.  The protocols are designed to make this impossible.

  Alan DeKok.