Hello, One of our customers reported that EAP-TLS user authentication doesn't work with Windows 8.1 against Radiator.
We investigated this further and there seems to be a problem with Windows 8.1 EAP-TLS client and how it validates server certificates. The problem is seen with NPS too. Windows 8.1 EAP-TLS doesn't work against Microsoft NPS if you have validate server certificate option enabled in Windows 8.1. There are (at least) two options for workaround: 1. Easiest but unsecure option is to disable server certificate check in Windows 8.1. 2. The bug doesn't affect EAP-PEAP. So you can configure Windows 8.1 to use PEAP with EAP-TLS as inner authentication protocol. In that configuration you can enable server certificate check in PEAP configuration. You must disable server certificate check in inner EAP-TLS configuration in Windows 8.1. Best Regards, Sami -- Sami Keski-Kasari <sam...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
