hi

Antonios Lazaridis wrote:
>
> > Artur Hecker <[EMAIL PROTECTED]> wrote:
> > > dynamic wep keys are supported, the doc is outdated.
> >
> > Fixed, thanks.
> > Alan DeKok.
>
> I downloaded yesterday's snapshot.
>
> (The document still says
> Please note that WEP is not yet supported in freeradius
>
> i am not sure if you wanted to change this)

hmmm, Alan? :)

> The way i understood it, is that WEP is distributed automatically to AP and
> client, so i don't have to add anything, right?

kind of, yes.

> Using a Cisco 350 AP with 11.07 firmware, didn't work. Authentication
> finishes fine, but ping is not possible unless i set WEP keys for AP and
> client.

11.07 should work but you should upgrade your firmware, they have 11.23
already!!! it has some nice debug features which you could need. and:
don't panic. we will surely get it running since i have the same
config/hardware.

> How can i check if the server sends a WEP key or not?

you should have MPPE-* attributes in your Access-Accept message. if not,
stop here and verify the compilation of your rlm_eap_tls module.

> Here is the last message that the RADIUS server sends, from the radius log:
> (PS: i have tried many times setting AP to Full encryption, optional
> encryption and no encryption)

it would be Full Encryption though. and unless you do not specify the
Broadcast Key Rotation, you have to set the WEP Key in slot 1 (ONE!) and
to mark it as transmit key.

> Sending Access-Challenge of id 27 to 192.168.1.50:1307
>         Session-Timeout = 300
>         EAP-Message =
> "\0019\0005\r\200\000\000\000+\024\003\001\000\001\001\026\003\001\000
> 1\254\303g\315\230zo\355v\216x\010\213#k\203\200}\362\013/X\005\211\326n\332
> \351\221ky"
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0xdab9df71610e1c89b0a00ed97ae0d13dbe58923d1e6dbce3b29707f3e14396d7ce40d85b
> Finished request 18

you can't be serious : this message is never the last one... this is a
challenge. if this is the last message, the authentication has not been
finished yet. you definitely should have EAP-TLS running correctly
before even thinking about dynamic keys. The last message has to be
Access-Accept. verify these points.

ciao
artur

--
_____________________________________________________________________
Artur Hecker                Groupe Accès et Mobilité
hecker[at]enst[dot]fr       Département Informatique et Réseaux
+33 1 45 81 7507            46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr   ENST Paris

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
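
The check described in the reply above (the last message sent to the AP must be an Access-Accept, and it must carry MPPE-* attributes), as an added example that is not part of the original message or of FreeRADIUS. It assumes debug-log text with the `Sending ... of id ... to ...` header shown in the quoted log and one indented attribute per line; the sample log and its values are constructed, and `MS-MPPE-Send-Key` / `MS-MPPE-Recv-Key` are the attribute names FreeRADIUS uses for these keys.

```python
import re

# Packet header format as it appears in the log quoted in the message.
HEADER = re.compile(r"^Sending (Access-\w+) of id (\d+) to (\S+?):(\d+)\s*$")
ATTR = re.compile(r"^\s+([\w-]+)\s*=")  # assumed: one indented attribute per line

def parse_sent_packets(log_text):
    """Return [(packet_type, packet_id, nas_ip, [attribute names]), ...]."""
    packets, current = [], None
    for line in log_text.splitlines():
        h = HEADER.match(line)
        a = ATTR.match(line)
        if h:
            current = (h.group(1), int(h.group(2)), h.group(3), [])
            packets.append(current)
        elif a and current is not None:
            current[3].append(a.group(1))
        elif line.strip() and not line[0].isspace():
            current = None  # unindented line: attribute list is over
    return packets

def check_dynamic_keys(log_text, nas_ip):
    """Classify the last reply the server sent to nas_ip."""
    sent = [p for p in parse_sent_packets(log_text) if p[2] == nas_ip]
    if not sent:
        return "no-reply"
    ptype, _, _, attrs = sent[-1]
    if ptype != "Access-Accept":
        return "unfinished:" + ptype  # e.g. still at Access-Challenge
    if any("MPPE-" in name for name in attrs):
        return "keys-sent"
    return "accept-without-keys"  # EAP-TLS finished, no key material

# Constructed sample log; values are placeholders, not real key material.
SAMPLE_LOG = """\
Sending Access-Challenge of id 27 to 192.168.1.50:1307
        Session-Timeout = 300
        EAP-Message = 0x0139000d
        State = 0xdab9
Finished request 18
Sending Access-Accept of id 28 to 192.168.1.50:1307
        MS-MPPE-Recv-Key = 0x00
        MS-MPPE-Send-Key = 0x00
        EAP-Message = 0x03390004
Finished request 19
"""

if __name__ == "__main__":
    print(check_dynamic_keys(SAMPLE_LOG, "192.168.1.50"))
```

A result of `unfinished:Access-Challenge` corresponds to the situation in the quoted log, where authentication has not completed; `accept-without-keys` corresponds to the case where the reply says to stop and verify the rlm_eap_tls build.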
