Sometimes failing EAP authentication in Windows 11 and WiFi

Thomas Schachtner Thomas.schachtner at eltheim.de
Thu Nov 11 13:58:43 CET 2021


Thanks for the hint regarding the CA validation (i.e. that the client
does not trust the RADIUS's certificate and not vice-versa).
That helped a lot.
In the meantime, I found out what was missing.

In the WiFi configuration in Windows 11 you have to specify the
fingerprint of the CA used to issue the FreeRADIUS server's
certificate:

The path in Windows's WiFi configuration XML file is
\WLANProfile\MSM\Security\OneX\EAPConfig\EapHostConfig\Config\Eap\EapType\ServerValidation
At this location, you need to specify the fingerprint similar to the following:

<TrustedRootCA>xx xx xx xx xx ... xx </TrustedRootCA>

As soon as this node is there, the WiFi connection is working on my side.
Maybe, this can be helpful for anyone else, too...

Tom


More information about the Freeradius-Users mailing list