no, the problem has nothing to do with windows XP since there is no radius client on the user side.
802.1X model typically results in the following with 802.11:
user <---EAPOL---> AP <---RADIUS---> RADIUS server (e.g. FR)
as you can see, the AP translates between EAPOL and RADIUS. the user does not use RADIUS, is not aware of it and never touches it. FreeRADIUS is not aware of EAPOL and does not give a henk about it. it only uses RADIUS and its extensions.
the State attribute and its use are defined in the radius RFC (see my last post). it can only be used by either the radius client or radius server, more precisely it can be sent by the radius server in any challenge and must be copied in the response without being changed by the radius client. this seems to be wrong in your case. thus, it's a violation of the RFC. well, that's what i deduce from what you've told so far.
all the rest does not matter. if your ap changes the state attribute, it has nothing to do with the certificates, users, user software, configurations of the server and all the rest. it has only to do with the radius client - the ap.
of course, you *could* change the code of freeradius in order to produce shorter State attributes (which is probably the problem of your AP). but do not misunderstand the problem here: it would be a workaround about your broken AP.
ciao artur
Klemens Jaeger wrote:
i have updated the ap's firmware to the newest version (3.70-46 for Symbol) but nothing changed.
could the problem be the certificates, that i used for authentication? or could it be the winxp version (i use xp professional vers. 5.1)? or is the problem limited only to the ap?
-- Artur Hecker D�partement Informatique et R�seaux, ENST Paris http://www.infres.enst.fr/~hecker
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
