Sometimes failing EAP authentication in Windows 11 and WiFi
Thomas Schachtner
Thomas.schachtner at eltheim.de
Thu Nov 11 13:58:43 CET 2021
Thanks for the hint regarding the CA validation (i.e. that the client
does not trust the RADIUS's certificate and not vice-versa).
That helped a lot.
In the meantime, I found out what was missing.
In the WiFi configuration in Windows 11 you have to specify the
fingerprint of the CA used to issue the FreeRADIUS server's
certificate:
The path in Windows's WiFi configuration XML file is
\WLANProfile\MSM\Security\OneX\EAPConfig\EapHostConfig\Config\Eap\EapType\ServerValidation
At this location, you need to specify the fingerprint similar to the following:
<TrustedRootCA>xx xx xx xx xx ... xx </TrustedRootCA>
As soon as this node is there, the WiFi connection is working on my side.
Maybe, this can be helpful for anyone else, too...
Tom
More information about the Freeradius-Users
mailing list