EAP-TTLS works for MacOS supplicants but not Win10

Alan DeKok aland at deployingradius.com
Tue Sep 15 23:12:29 CEST 2020

On Sep 15, 2020, at 4:42 PM, Evan Sharp <evan.sharp at coastmountainacademy.ca> wrote:\
> This is my first message so please advise me of any participation gafs.


> I have a working 801.2x wifi termination with Aruba APs binding Google LDAP
> users via FreeRADIUS 3.0.21 using EAP-TTLS. It is only successful with
> MacOS supplicants though. When I start debugging Windows 10 clients, the
> connection fails somewhere.
> Comparing debug outputs, the win10 exchange just seems to stop, with no
> errors thrown, where the mac flow otherwise continues.

 "it just stops".

  99% of the time it's a certificate issue.  The CA cert used by FreeRADIUS isn't configured on the Windows machine.

> Although the users for testing are different, there is no explicit
> Auth-reject to tell me that's the issue.

  Because FreeRADIUS isn't rejecting the user.  Instead, the Windows system is refusing to talk to FreeRADIUS.

  Configure the certificates, etc. on Windows, and it will work.  There are EAP-TLS guides on the FreeRADIUS Wiki.  They contain information about Windows, and the certificate configuration is largely the same as for EAP-TTLS.

  Alan DeKok.

More information about the Freeradius-Users mailing list