how can you change the session time in windows?
thanks, artur
Guy Davies wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Ian,
I've seen something like this when doing MAC authentication. It was actually a "feature" of the WinXP/Win2k supplicant which defaults the session time to about 6 seconds! If I explicitly set the session time to be something more useful (1800 seconds is good) then everything was happy.
Sorry if this is totally unrelated but I thought it might help.
Regards,
Guy
-----Original Message----- From: Ian Pritchard [mailto:[EMAIL PROTECTED] Sent: 26 September 2003 11:42 To: [EMAIL PROTECTED] Subject: WPA w/ EAP-TLS against 0.8.1
Hi,
We're running FreeRADIUS version 0.8.1, and have been trying out authentication using a couple of "WPA-capable" 802.11 APs and PCMCIA cards on laptops, with EAP-TLS and certs.
We've tried a matrix of the following:
Laptops - Win2K SP4 w/ MS 802.1x patch and with Funk Odyssey client - WinXP - EAP-TLS certs installed
PCMCIA cards - Linksys WPC54G - SMC2635W
APs - Linksys WRT54G - SMC2804WBR - Cisco AP340
All devices running latest possible drivers.
Before testing WPA we were running the Cisco AP340 and the Win2K 802.1x auth patch, plus XP.
Running either of the two PCMCIA cards, on either the Win2K or WinXP laptop, via the Linksys WRT54G AP, we see behaviour where the AP initiates access request to the FreeRADIUS server, the process runs through as normal, the access accept is sent to the AP, but it then immediately starts authentication again, and you run through the whole process repeatedly, starting again immediately after the accept is sent. Nothing seems abnormal if running FreeRADIUS in debug mode. With the Funk Odyssey client running on Win2K the behaviour is the same.
Using the SMC AP, things are more interesting. The SMC AP's web-based control interface has a "security" main menu, with 802.1x as a sub-menu. If you turn the main security to "WPA/TKIP w/ RADIUS", then the behaviour is as with the Linksys above. However, if you turn it to "No Encryption" (so not even WEP enabled according to its interface), but leave the "enable 802.1x" turned on in the sub-menu, authentication takes place as normal. The SMC client card has client manager software, and if you turn on WPA on the AP, then the client manager shows a "key" symbol (presumably denoting some kind of security) next to the AP, but if you turn off encryption and leave 802.1x turned on, the key goes away.
The Cisco AP doesn't have WPA but will do 802.1x as before.
We're having trouble reaching a conclusion here (partly because it's difficult to tell what's happening), and certainly don't think we've got any "WPA" AP/client combination working with WPA/Radius. We had thought that, from an authentication perspective, there was no difference between 802.1x and WPA.
Has anyone else managed to get WPA APs and clients running against FreeRADIUS using EAP-TLS?
Many thanks,
Ian
_________________________________________________________________
Help protect your PC. Get a FREE computer virus scan online from McAfee. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0
iQA/AwUBP3Qlno3dwu/Ss2PCEQLQgwCg/vsD8wvFkhBEgcdhP0sJgmu2UzgAn11N 1NaRCSe7TQUC9g9L4sj3gFhS =yiwB -----END PGP SIGNATURE-----
30th Telindus International Symposium Thursday, October 30, 2003 - Brussels Expo, Belgium
Check out the complete conference programme, exhibition, workshops and register now for this high value'must attend' event!
http://www.telindussymposium.com <<<
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
