Hello, Thank you. It works with XP and FreeEADIUS using EAP/MD5. We found the problem from "EAP's id".
Although EAP/MD5 is insecure, it's convenient to use for general users. :) Because dynamic generation of WEP keys needed in some vendors' AP is not supported in FR, I can't use EAP/TLS. (EAP module doesnot send "MS-MPPE.." with the Access-Accept packet) Any good news? :) Thank you very much. Sincerely, -- Wayne Ying-Jui Lee (���^��) http://www.elites.org/~waynelee ----- Original Message ----- From: "McNutt, Justin M." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 24, 2002 7:30 PM Subject: RE: EAP/MD5 with XP & FreeRADIUS > Has someone ever tried EAP/MD5 working with Windows XP > and FreeRADIUS? Yes. It works... if configured properly on both sides. > I found something strange.. > "EAPOL start" -> Identity Request and Reply..... > After FreeRADIUS sends "challenge" and Access Point > forwards it, it > seems XP doesn't > understand "challenge" and XP sends "identity reply" again.... > The authentication procedure becomes a loop and wouldn't end. What does your RADIUS configuration look like? Specifically: 1) Do you have EAP enabled in your radius.conf file? 2) Do you have the NAS (the Access Point) defined in your clients.conf file (along with the correct shared secret)? 3) What does this user's entry look like in the users file? > Is it a problem of Windows XP? > It's ok if I use XP + Windows 2000 RADIUS. > Excuse me for disturbing us. Thank you. Not a problem. It's most likely the configuration on one side or another. Several people have been able to get EAP/MD5 to work with Windows XP. One thing to remember, though: EAP/MD5 is a rather insecure method of doing things, even with Windows 2000 RADIUS, because each user's password is stored on the RADIUS server in a decryptable (or even cleartext!) format. It is better to use EAP/TLS, which also works with FreeRADIUS and Windows XP. --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
