Freeradius2 - Windows 10 Update 1511
-
Hi!
after upgrading my Windows 10 (November update) I can't connect to my Network via WPA-Enterprise! On my pfSense (v2.2.5) I've running freeradius (v1.1.18).
The log on the pfSense is ok …
radiusd[7357]: Login OK: [mayer] (from client BIRDIE port 42 cli …)
radiusd[7357]: Login OK: [mayer] (from client BIRDIE port 0 via TLS tunnel)The Windows log reports 2 Errors …
Event 1106, ReasonCode 0x48005
"Dynamic key exchange did not succeed within configured time"… and ...
Event 8002, ReasonCode 163851
"The specific network is not available"I've reinstalled the newest WLAN Driver - no success!
What can I do? Any ideas?
Thanks for your help.
Thomas
-
ROFL. The advantage of updates your cannot disable. Complain to MS, perhaps.
-
In an other Forum I found this solution:
Could your WLAN network be using FreeRadius2 to handle WLAN authentication? There is a known issue in FreeRadius 2 version 2.2.6+ preventing it to authenticate a client using TLS 1.2.
A possible solution is to try disabling use of TLS 1.2 of the Windows 10 client:
• Create DWORD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\TlsVersion and set the associate DWORD value to 3C0 (or use this registry script).
• Restart service EapHost service.Thomas
-
It is likely due to this :
https://redmine.pfsense.org/issues/5318I can confirm that the current freeradius2 package does not authenticate android marshmallow devices as well. I've been using a freeradius 2.2.9 installation on another linux server as a temporary measure, but it would be nice to have the official pfsense package updated at some point.
Hopefully the fact that his now affects windows as well will move the fix higher up in priority.
-
Hi,
is there a solution yet? I did't found one that fits my need.
I have a Accesspoint on my Lan interface of ALIX 2d13. I can connect via Smartphone(Blackberry) but not with windows 10 machines.
-
is there a solution yet? I did't found one that fits my need.
The only answer is to use FreeRADIUS 2.2.9 or a recent FreeRADIUS 3 build.
Apparently it has proved difficult for the pfSense team to build a FreeRADIUS 2.2.9 PBI for pfSense 2.2.x. These PBI related issues have been solved in pfSense 2.3 by moving from PBI to pkg, though this doesn't help pfSense 2.2.x users.
In the fullness of time, pfSense 2.3 will be released and there will almost certainly be a FreeRADIUS package for it that does not have this issue. For now, with the push to get pfSense 2.3 released, issues with unofficial packages for pfSense 2.2.x may well be a lower priority for the developers.
-
In the fullness of time, pfSense 2.3 will be released and there will almost certainly be a FreeRADIUS package for it that does not have this issue. For now, with the push to get pfSense 2.3 released, issues with unofficial packages for pfSense 2.2.x may well be a lower priority for the developers.
The FreeRADIUS package on pfSense 2.3-BETA is 2.2.9 and is working well. If someone needs to use FreeRADIUS 2.2.9, they can upgrade to pfSense 2.3 or spin up an additional pfSense instance using 2.3 to use as a RADIUS server if they're more comfortable using it in that capacity.
