WPA2-Enterprise and WPA3-Enterprise not working with Windows

Alan DeKok aland at deployingradius.com
Tue Mar 14 21:18:02 UTC 2023


On Mar 14, 2023, at 4:20 PM, Matt H <meh1963 at gmail.com> wrote:\
> Working on a relatively generic new install of Freeradius 3.2.2 on an Alma
> 9.1 system (think CentOS).
> ...
> Windows fails entirely, in every situation; in the radius -X output below,
> it sends a NAK and stops negotiating.

  Windows isn't configured to do EAP-TLS.

> (1) Received Access-Request Id 243 from 172.18.2.88:53142 to
> 172.18.0.200:1812 length 250
> ...
> (1)   EAP-Message = 0x024d00060300

  This is an EAP-NAK with a final "00" byte.  i.e. Windows says "I'm not configured to use any EAP types".

  If Windows was configured to do PEAP or TTLS, the final byte(s) here would be the PEAP or TTLS EAP code, and not 00.

> (1) eap: Peer sent packet with method EAP NAK (3)
>            # Why is Windows sending a NAK?

  You didn't configured the Windows system to do EAP-TLS.

  Alan DeKok.



More information about the Freeradius-Users mailing list