unknown CA when trying to authenticate

Tyler Montney montneytyler at gmail.com
Mon Feb 22 19:34:48 CET 2021


I guess there was a bit more configuration to setting up radius on Windows
than I thought. Thanks to Windows 10, a lot of the old dialogs are
hidden/harder to get to.

When connecting, I am now seeing "mschap: WARNING: No ClearText-Password
configured. Cannot create NT-Password/LM-Password."

On Mon, Feb 22, 2021 at 11:13 AM Alan DeKok <aland at deployingradius.com>
wrote:

> On Feb 22, 2021, at 11:22 AM, Tyler Montney <montneytyler at gmail.com>
> wrote:
> > For instance, a Windows client trying to connect to a WiFi network. It
> > tries to connect, is prompted for a username and password, then says
> "Can't
> > connect to this network". (Simultaneously, I have "freeradius -X"
> running,
> > where I see the CA error.)
>
>   That is a much better description of the problem.
>
>   The error is *not* coming from FreeRADIUS.  The Windows system is
> sending FreeRADIUS a TLS layer alert message, which say "I don't understand
> who you are".
>
>   The solution is NOT to poke FreeRADIUS.  The solution is to fix the
> Windows system so that it knows about the RADIUS certificates.
>
> > "You configured the end-user system to use WiFi."
> >
> > The only thing I have done on the end user system is import the root CA.
>
>   Where?  How?
>
>   As I said before, the CA stores are different for Web and EAP.  Are you
> sure that you that you're installing the certificate in the right place in
> Windows?
>
> > "There is existing documentation which tells you how to configure WiFi."
> >
> > Please verify which documentation you're referring to, so that I know
> we're
> > on the same page.
>
>   This documentation is specific to Windows, and changes over time.  I'm
> sure Microsoft has documentation for their product...
>
>   My web site has had detailed documentation on *generic* EAP testing for
> ~15+ years:  http://deployingradius.com
>
>   It's pointed to from the FreeRADIUS documentation, wiki, etc.  That
> documentation walks you through the steps necessary to configure EAP,
> including testing
>
>   Or, there's "google".
>
>
> https://www.google.com/search?q=How+do+I+install+a+WiFi+certificate+in+Windows+10%3F&rlz=1C5CHFA_enCA767CA767&oq=How+do+I+install+a+WiFi+certificate+in+Windows+10%3F&aqs=chrome..69i57j0i22i30j0i390.295j0j7&sourceid=chrome&ie=UTF-8
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list