I have recently come across two clients who were both having issues with Wi-fi profiles. Both were using Microsoft Endpoint Manager (Intune) and the solution was the same for both.
There were differences between the two, one was using iOS devices and the other Windows, one was using Windows RADIUS and the other FreeRADIUS on Linux. Both were trying to deploy certificate based EAP-TLS Wi-Fi profiles and both had devices failing to complete the EAP-TLS authentication.
The Fix? The Wi-Fi profile needs to have the common name of the certificate presented by the RADIUS server(s) added to the configuration.
The first client had added them both in the same box, separated by a comma
Instead of being individual items.
The second client, instead of entering just the name had populated the field with the common name of the Certificate authority, once replaced with just the names of the RADIUS server it authenticated.
