Sometimes failing EAP authentication in Windows 11 and WiFi
Alan DeKok
aland at deployingradius.com
Wed Nov 10 15:09:11 CET 2021
On Nov 10, 2021, at 7:50 AM, Thomas Schachtner <Thomas.schachtner at eltheim.de> wrote:
> (6) eap_peap: <<< recv TLS 1.2 [length 0002]
> (6) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
The client machine does not recognize the CA used by FreeRADIUS.
Install the CA on the client machine.
> But I am not sure what this means exactly.
The client machine does not recognize the CA used by FreeRADIUS.
> (Where are the CA certificates located which are checked?
Ask Microsoft.
> Why is it unknown?
You didn't tell the Windows 11 machine that it should accept the CA used by FreeRADIUS.
> It should be well-known everywhere here…
Did you tell the ndows 11 machine that it should accept the CA used by FreeRADIUS?
> What does that „No
> data inside of the tunnel“ mean? Or is this an expected behaviour?)
Ignore that. The error is "unknown CA".
> Does anyone have the same issue? Has it been solved?
People have been having this same issue for almost 20 years. Just look up "freeradius unknown CA" on the web, and you'll get loads of answers.
> Or does anyone know what’s going wrong here?
> It may be caused by settings in the eap module configuration file,
No.
> which is shown below:
All of the documentation says PLEASE DON'T POST CONFIGURATION FILES TO THE LIST.
I also said this earlier to you in a private email. If you're not going to follow instructions, you're not going to get things fixed.
Alan DeKok.
More information about the Freeradius-Users
mailing list