Windows 10 EAP-TTLS with client certificate
Ján Máté
jan.mate at inf-it.com
Wed Jan 22 02:02:48 CET 2020
Hi list,
I successfully installed and configured our FreeRADIUS server with the following results:
EAP-TLS => works on Windows 10, iOS 13, macOS 10.15 (Catalina)
EAP-TTLS + PAP (LDAP auth) => works on Windows 10, iOS 13, macOS 10.15
EAP-TTLS + PAP (LDAP auth) + client cert => does NOT work on Windows 10, but works on iOS 13, macOS 10.15
The last option with Windows 10 produces the following error logs:
(185) eap_ttls: ERROR: TLS Alert write:fatal:handshake failure
tls: TLS_accept: Error in error
(185) eap_ttls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate
(185) eap_ttls: ERROR: System call (I/O) error (-1)
(185) eap_ttls: ERROR: TLS receive handshake failed during operation
(185) eap_ttls: ERROR: [eaptls process] = fail
(185) eap: ERROR: Failed continuing EAP TTLS (21) session. EAP sub-module failed
Windows 10 logs:
Wireless 802.1x authentication failed.
Error: 0x80420015
EAP Reason: 0x80420015
EAP Root cause String:
EAP Error: 0x80420015
I tried nearly all combinations in the Windows 10 configuration interface, but it never sends the client_cert with EAP-TTLS (the same settings with EAP-TLS work). When trying to connect to Wi-Fi, the Windows 10 interface looks like:
Choose a certificate: <correctly pre-selected certificate>
User name: <my username entered manually>
but after clicking to connect the server never receives the selected certificate ...
Is the optional "client cert" in EAP-TTLS supported on Windows 10? Any ideas to get it working?
Thanks,
JM