Windows PEAP-TLS authentication issues

Admin
Administrator
Posts: 5028
2.10.2020
Can you send me another Wireshark trace for the latest case?

pgaudil
Posts: 18
2.10.2020
Here it is. With the certificate from TekCERT.


Admin
Administrator
Posts: 5028
2.10.2020
Please also check log entries under

Event Viewer->Applications and Services Logs->Microsoft->Windows

EapHost
EAPMethods-RasChap
EAPMethods-RasTls
EAPMethods-RasTtls

pgaudil
Posts: 18
5.10.2020
Hi,
In the EAPMethods-RasTls journal I see
Échec de l’authentification pour le type de méthode EAP 25. Erreur : 0x54F.
(Sorry, the message is in French; basically: authentication error for method type EAP 25. Error: 0x54F)
When googling this error I find that it is possibly linked to the TLS version, and the solution is to switch to 1.0 instead of 1.2. Is it possible to set the TLS version in TekRADIUS, or is just doing it on the client enough?


best regards,


Pierre

Admin
Administrator
Posts: 5028
5.10.2020
TekRADIUS performs TLS negotiation for TLS version 1.2 as you can see in the latest Wireshark you have sent me. Please see https://www.reddit.com/r/Windows10/comments/3orr79/8021x_peap_is_broken_with_wpa2enterprise/

pgaudil
Posts: 18
5.10.2020
I checked the link you sent me. I tried it: the negotiation switches to TLS 1.0 but I get the same behaviour (no response from client to Server Hello). Apart from RSA-signed, what other kinds of certificates can I try with TekRADIUS?

Admin
Administrator
Posts: 5028
5.10.2020
Please go to the added registry key and change its value from 0xc0 to 0xc00.

pgaudil
Posts: 18
5.10.2020
I tried the same: same result.
I have a question about TekCERT: does it comply with these Windows requirements:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/certificate-requirements-eap-tls-peap ?

Admin
Administrator
Posts: 5028
5.10.2020
Please try the following settings:


pgaudil
Posts: 18
6.10.2020
I'll try. I have a question: why are some certificates in red and some in black? It is the same in the TekRADIUS management application; what does it mean when a user parameter is in red?

Admin
Administrator
Posts: 5028
6.10.2020
Coloring has different meanings in TekRADIUS and TekCERT. Expired or untrusted certificate entries are shown in red in TekCERT. Checked attributes in authentication requests are shown in red in TekRADIUS.

pgaudil
Posts: 18
6.10.2020
With the unregistered version of TekCERT, I am limited to the sha1withRSA algorithm, and it doesn't work.

Admin
Administrator
Posts: 5028
6.10.2020
Please send your system id to yasin.kaplan at kaplansoft.com to receive a trial key.

pgaudil
Posts: 18
7.10.2020
I found the solution: the client PC has a policy rule requiring a 4096-bit RSA certificate. With a correct server certificate it is OK now. Thanks for your support.
best regards,

Pierre

Admin
Administrator
Posts: 5028
7.10.2020
You're welcome.
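
A pre-flight check for the server certificate properties that came up in this thread (RSA key size, sha1withRSA signature, Server Authentication purpose, expiry and trust), as an added example that is not part of any post above and is not KaplanSoft code. The parameters `$Path` and `$MinRsaBits` are assumptions; the 4096 default is the key size the client policy in this thread required.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example: check an exported RADIUS server certificate before installing it.
param(
    [Parameter(Mandatory)][string]$Path,   # assumed: exported certificate (.cer/.crt)
    [int]$MinRsaBits = 4096                # assumed default, from the policy in this thread
)

$cert = [X509Certificate2]::new((Resolve-Path -LiteralPath $Path).ProviderPath)
$findings = [System.Collections.Generic.List[string]]::new()

# Key type and size: the fix in this thread was a server key the client policy accepts.
$rsa = [RSACertificateExtensions]::GetRSAPublicKey($cert)
if ($null -eq $rsa) {
    $findings.Add("Public key is not RSA ($($cert.PublicKey.Oid.FriendlyName))")
} elseif ($rsa.KeySize -lt $MinRsaBits) {
    $findings.Add("RSA key is $($rsa.KeySize) bits, policy requires $MinRsaBits")
}

# Signature algorithm: OID 1.2.840.113549.1.1.5 is sha1WithRSAEncryption.
if ($cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.5') {
    $findings.Add('Signed with SHA-1 (sha1withRSA), which client policy may reject')
}

# Server Authentication purpose (EKU OID 1.3.6.1.5.5.7.3.1).
$eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($usages -notcontains '1.3.6.1.5.5.7.3.1') {
    $findings.Add('Server Authentication EKU is missing')
}

# Validity period, then chain trust as seen by the machine running the script.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $findings.Add("Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))")
}
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck   # no network lookups
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { $findings.Add("Chain: $($_.StatusInformation.Trim())") }
}

if ($findings.Count -eq 0) {
    "OK: $($cert.Subject) meets the checked requirements"
} else {
    $findings | ForEach-Object { "FAIL: $_" }
}
```

Run it on the Windows client rather than the RADIUS server, since the chain result depends on the trust store of the machine doing the validation.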