unknown CA when trying to authenticate

Alan DeKok aland at deployingradius.com
Mon Feb 22 18:12:39 CET 2021

On Feb 22, 2021, at 11:22 AM, Tyler Montney <montneytyler at gmail.com> wrote:
> For instance, a Windows client trying to connect to a WiFi network. It
> tries to connect, is prompted for a username and password, then says "Can't
> connect to this network". (Simultaneously, I have "freeradius -X" running,
> where I see the CA error.)

  That is a much better description of the problem.

  The error is *not* coming from FreeRADIUS.  The Windows system is sending FreeRADIUS a TLS layer alert message, which say "I don't understand who you are".

  The solution is NOT to poke FreeRADIUS.  The solution is to fix the Windows system so that it knows about the RADIUS certificates.

> "You configured the end-user system to use WiFi."
> The only thing I have done on the end user system is import the root CA.

  Where?  How?

  As I said before, the CA stores are different for Web and EAP.  Are you sure that you that you're installing the certificate in the right place in Windows?

> "There is existing documentation which tells you how to configure WiFi."
> Please verify which documentation you're referring to, so that I know we're
> on the same page.

  This documentation is specific to Windows, and changes over time.  I'm sure Microsoft has documentation for their product...

  My web site has had detailed documentation on *generic* EAP testing for ~15+ years:  http://deployingradius.com

  It's pointed to from the FreeRADIUS documentation, wiki, etc.  That documentation walks you through the steps necessary to configure EAP, including testing

  Or, there's "google".


  Alan DeKok.

More information about the Freeradius-Users mailing list