EAP-TTLS works for MacOS supplicants but not Win10

Evan Sharp evan.sharp at coastmountainacademy.ca
Wed Sep 16 00:49:30 CEST 2020


Hi Alan,

Thanks for the quick reply!

> The CA cert used by FreeRADIUS isn't configured on the Windows machine.

Does that cert come pre-configured in MacOS and ChromeOS? These are BYOD
computers so I haven't touched them, but all the Mac clients have been
plug-and-play.

Evan



On Tue, Sep 15, 2020 at 2:12 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Sep 15, 2020, at 4:42 PM, Evan Sharp <
> evan.sharp at coastmountainacademy.ca> wrote:\
> > This is my first message so please advise me of any participation gafs.
>
>   http://wiki.freeradius.org/list-help
>
> > I have a working 801.2x wifi termination with Aruba APs binding Google
> LDAP
> > users via FreeRADIUS 3.0.21 using EAP-TTLS. It is only successful with
> > MacOS supplicants though. When I start debugging Windows 10 clients, the
> > connection fails somewhere.
> >
> > Comparing debug outputs, the win10 exchange just seems to stop, with no
> > errors thrown, where the mac flow otherwise continues.
>
>  "it just stops".
>
>   99% of the time it's a certificate issue.  The CA cert used by
> FreeRADIUS isn't configured on the Windows machine.
>
> > Although the users for testing are different, there is no explicit
> > Auth-reject to tell me that's the issue.
>
>   Because FreeRADIUS isn't rejecting the user.  Instead, the Windows
> system is refusing to talk to FreeRADIUS.
>
>   Configure the certificates, etc. on Windows, and it will work.  There
> are EAP-TLS guides on the FreeRADIUS Wiki.  They contain information about
> Windows, and the certificate configuration is largely the same as for
> EAP-TTLS.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list