Windows 10: Windows 24H2 Broken Changes - Problem with RADIUS SmartCard Authentication & RADIUS VLAN...

We are commencing a rollback of our employees' computer operating systems from Windows 24H2 to 23H2 due to complications with RADIUS Authentication for SmartCards and RADIUS VLAN Tagging on Wi-Fi networks in the newest version of Windows.Regarding RADIUS SmartCard authentication, we have observed complete freezes in the user interface, necessitating the termination of the "Credentials UI Host Manager" process. Our investigation indicates that this freezing issue does not manifest on all devices operating on 24H2 when authentication is performed at the Windows login screen or through Wi-Fi sett

:)

 

Radius server + WLC and Client Certificate Authentication

Hello people,

We have an issue with our radius server.

I will explain what is our goal and what configuration we have so far:

Our goal is to authenticate clients in the domain using WLC and Client Certificate Authentication.

Each client in our domain has a unique personal certificate.

The idea is when an employee opens his PC automatically connects to the specified by the GPO recommended network by using the certificate and not the username and password.



Currently, we configured the WLC Cisco controller to receive the client certificate, authenticate it and provide the IP address(of course if the policies are validated).

Afterward that the WLC controller has to send the request to the radius server. The radius should check if the certificate is valid (not expired) and not included in the revocation list.

Here our issue came. It seems that the radius cannot access the revocation list and cannot check if the certificate is revoked.

We validated that by disabling the revocation list check in the Radius server registry settings.

If we set it to ignore the revocation list check, the authentication succeeds, and the client is authenticated successfully.

The thing is that this way we lower the security of the connection significantly and we would like to make sure the certificate is validated against the revocation list.

At the same time, there are no issues in the connection between the RADIUS server and the server where the revocation list is stored/published.



Could you please let me know if there is any specific configuration that should be made in order for the radius to be able to check the status of the authenticated certificate in the revocation list?

Is there any configuration guide that we have to follow in order to implement the necessary configuration in the most proper way?

 

wlan + radius authentication

Hello,

i dont know what types of radius server your using? what types of security? enabled Proxcy? MS radius server or another party server? AP is configured to support radius server? Does your radius server support your Nokia Phone ?

so many questions in my mind and everything must be configured in order to be able to connect to radius server.

for the Better solution contact your Network Administrator he/she can connect you to radius server.

thanks

 

A RADIUS message was received from RADIUS client 192.x.x.x with an invalid authenticator

Hello Team,

I am getting "A RADIUS message was received from RADIUS client 192.x.x.x with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server
snap-in and the configuration of the network access server"

But I updated the shared key as well but no luck.

Thanks,

Shailendra V