Sometimes failing EAP authentication in Windows 11 and WiFi

Thomas Schachtner Thomas.schachtner at eltheim.de
Wed Nov 10 15:28:30 CET 2021


Hello Alan,

please excuse me posting the eap config file to the list.
I thought your previous private mail was sent automatically and
addressed issues where people include LONG configuration files with
mostly comments in them. (In addition to the long logs)
(This was the reason why I removed all the comments from the file and
I thought I so followed the instructions - somehow ...)
I did not understand that I must not send configuration files *at
all*. I think, now I got that. Sorry for that.
Please understand that I did not want to offend you.

Best regards,
Tom

Am Mi., 10. Nov. 2021 um 15:11 Uhr schrieb Alan DeKok
<aland at deployingradius.com>:
>
> On Nov 10, 2021, at 7:50 AM, Thomas Schachtner <Thomas.schachtner at eltheim.de> wrote:
> > (6) eap_peap: <<< recv TLS 1.2  [length 0002]
> > (6) eap_peap: ERROR: TLS Alert read:fatal:unknown CA
>
>   The client machine does not recognize the CA used by FreeRADIUS.
>
>   Install the CA on the client machine.
>
> > But I am not sure what this means exactly.
>
>   The client machine does not recognize the CA used by FreeRADIUS.
>
> > (Where are the CA certificates located which are checked?
>
>   Ask Microsoft.
>
> > Why is it unknown?
>
>   You didn't tell the Windows 11 machine that it should accept the CA used by FreeRADIUS.
>
> > It should be well-known everywhere here…
>
>   Did you tell the ndows 11 machine that it should accept the CA used by FreeRADIUS?
>
> > What does that „No
> > data inside of the tunnel“ mean? Or is this an expected behaviour?)
>
>   Ignore that.  The error is "unknown CA".
>
> > Does anyone have the same issue? Has it been solved?
>
>   People have been having this same issue for almost 20 years.  Just look up "freeradius unknown CA" on the web, and you'll get loads of answers.
>
> > Or does anyone know what’s going wrong here?
> > It may be caused by settings in the eap module configuration file,
>
>   No.
>
> > which is shown below:
>
>   All of the documentation says PLEASE DON'T POST CONFIGURATION FILES TO THE LIST.
>
>   I also said this earlier to you in a private email.  If you're not going to follow instructions, you're not going to get things fixed.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list