RADIUS wifi 無法在具有網域使用者的 Windows 8.1 和 Windows 10 上執行

編輯：

我能夠縮小問題範圍。顯然，這不是 Surface 的問題，而是 Windows 8.1（也可能是 8）和 10 的問題。

當我使用本機使用者帳戶時，連接到 RADIUS wifi 可以完美地工作。一旦我使用網域使用者帳戶嘗試此操作（我嘗試了一個具有本機管理員權限的帳戶和一個沒有本機管理員權限的帳戶），它就無法連線。請注意，我談論的是網域而不是 AD，因為我們仍在使用 Samba 3。

原來的：

我們正在使用 FreeRADIUS 伺服器（具有 MSChapv2 的 PEAP）來運行 Radius wifi 網路。除了我們所有的Surface Pro 3 之外，它在所有機器上都能完美運行（在Windows 7 和8.1、Android 4.3、Arch Linux 上測試）。設定.我還多次嘗試使用不同的選項手動配置它。我們為 FreeRADIUS 伺服器使用由本公司的自訂憑證授權單位簽署的憑證。我已驗證 CA 是否已正確安裝在 Windows 中，並且還嘗試了在不驗證憑證的情況下進行連線。

這是 FreeRADIUS 日誌檔案中顯示的內容：

Wed Jul 15 10:32:52 2015 : Auth: Login OK: [someuser] (from client stg-wlan-core port 0 via TLS tunnel)
Wed Jul 15 10:32:55 2015 : Auth: Login incorrect: [someuser] (from client stg-wlan-core port 217 cli C0-33-5E-33-10-8F)

如果您在 FreeRADIUS 上使用偵錯，則會顯示以下內容：

[eap] EAP packet type response id 221 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Client rejected our response.  The password is probably incorrect.
[peap] We sent a success, but received something weird in return.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [someuser] (from client stg-wlan-core port 112 cli 50-1A-C5-F4-F6-87)
Using Post-Auth-Type Reject

它說的是有關密碼錯誤的資訊。我不確定它正在談論哪個密碼，因為我確定用戶帳戶存在並且密碼正確。

從表面追蹤：

[500] 07-15 10:19:48:898: RasEapCreateConnectionProperties, eap type id = 26
[500] 07-15 10:19:48:899: CopyXmlDoc returned: 0x0
[500] 07-15 10:19:48:899: ReadConnectionData
[500] 07-15 10:19:48:900: Setting the defaults to use win-logon
[500] 07-15 10:19:48:900: Use Winlogon credentials is set to No
[500] 07-15 10:19:48:900: Successfully generated blob for MSChapV2 Connection Properties
[500] 07-15 10:19:49:831: RasEapCreateConnectionProperties, eap type id = 26
[500] 07-15 10:19:49:831: CopyXmlDoc returned: 0x0
[500] 07-15 10:19:49:832: ReadConnectionData
[500] 07-15 10:19:49:833: Setting the defaults to use win-logon
[500] 07-15 10:19:49:833: Use Winlogon credentials is set to No
[500] 07-15 10:19:49:833: Successfully generated blob for MSChapV2 Connection Properties
[500] 07-15 10:19:49:843: RasEapCreateConnectionProperties, eap type id = 26
[500] 07-15 10:19:49:843: CopyXmlDoc returned: 0x0
[500] 07-15 10:19:49:844: ReadConnectionData
[500] 07-15 10:19:49:845: Setting the defaults to use win-logon
[500] 07-15 10:19:49:845: Use Winlogon credentials is set to No
[500] 07-15 10:19:49:845: Successfully generated blob for MSChapV2 Connection Properties
[500] 07-15 10:19:50:109: InitLSA.
[500] 07-15 10:19:50:109: InitLSA: returning 0x0
[500] 07-15 10:19:50:109: ChapInit: exit: fInitialize=0x1, g_dwRefCount = 0x1, g_hLsa = 0x1147e5d0
[500] 07-15 10:19:50:109: EapMSCHAPv2Initialize Exit: fInitizlize = 1, dwRefCount = 0x1,
[500] 07-15 10:19:50:109: EapMSCHAPv2Initialize: fInitizlize = 0, dwRefCount = 0x1,
[500] 07-15 10:19:50:109: ChapInit: fInitialize=0x0, g_dwRefCount = 0x1, g_hLsa = 0x1147e5d0
[500] 07-15 10:19:50:135: RasEapGetIdentity
[500] 07-15 10:19:50:135: ReadUserData
[500] 07-15 10:19:50:135: NULL user blob is passed, size: 0
[500] 07-15 10:19:50:135: ReadConnectionData

我能想到的唯一原因是 wifi 適配器或其驅動程式有問題。如果您有任何想法或需要更多信息，請告訴我。