EAP-TTLS works for MacOS supplicants but not Win10

Evan Sharp evan.sharp at coastmountainacademy.ca
Wed Sep 16 00:49:30 CEST 2020

Hi Alan,

Thanks for the quick reply!

> The CA cert used by FreeRADIUS isn't configured on the Windows machine.

Does that cert come pre-configured in MacOS and ChromeOS? These are BYOD
computers so I haven't touched them, but all the Mac clients have been


On Tue, Sep 15, 2020 at 2:12 PM Alan DeKok <aland at deployingradius.com>

> On Sep 15, 2020, at 4:42 PM, Evan Sharp <
> evan.sharp at coastmountainacademy.ca> wrote:\
> > This is my first message so please advise me of any participation gafs.
>   http://wiki.freeradius.org/list-help
> > I have a working 801.2x wifi termination with Aruba APs binding Google
> > users via FreeRADIUS 3.0.21 using EAP-TTLS. It is only successful with
> > MacOS supplicants though. When I start debugging Windows 10 clients, the
> > connection fails somewhere.
> >
> > Comparing debug outputs, the win10 exchange just seems to stop, with no
> > errors thrown, where the mac flow otherwise continues.
>  "it just stops".
>   99% of the time it's a certificate issue.  The CA cert used by
> FreeRADIUS isn't configured on the Windows machine.
> > Although the users for testing are different, there is no explicit
> > Auth-reject to tell me that's the issue.
>   Because FreeRADIUS isn't rejecting the user.  Instead, the Windows
> system is refusing to talk to FreeRADIUS.
>   Configure the certificates, etc. on Windows, and it will work.  There
> are EAP-TLS guides on the FreeRADIUS Wiki.  They contain information about
> Windows, and the certificate configuration is largely the same as for
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list