Thanks.
-=Bill
Michael Melanson wrote:
> stop using cisco's crap. try using mfgrs that use rfc standards, not
> thier own modified flavor
>
> >>> [EMAIL PROTECTED] 11/11/2003 5:57:56 PM >>>
> I am having trouble.
>
> I think I have peap mostly working. However I make it to here and no
> further:
>
> ...............
> Tue Nov 11 17:30:15 2003 : Debug: auth: type "EAP"
> Tue Nov 11 17:30:15 2003 : Debug: modcall: entering group authenticate
> for request 0
> Tue Nov 11 17:30:15 2003 : Debug: modsingle[authenticate]: calling
> eap
> (rlm_eap) for request 0
> Tue Nov 11 17:30:15 2003 : Debug: rlm_eap: EAP Identity
> Tue Nov 11 17:30:15 2003 : Debug: rlm_eap: processing type tls
> Tue Nov 11 17:30:15 2003 : Debug: rlm_eap_tls: Initiate
> Tue Nov 11 17:30:15 2003 : Debug: rlm_eap_tls: Start returned 1
> Tue Nov 11 17:30:15 2003 : Debug: modsingle[authenticate]: returned
> from eap (rlm_eap) for request 0
> Tue Nov 11 17:30:15 2003 : Debug: modcall[authenticate]: module
> "eap"
> returns ok for request 0
> Tue Nov 11 17:30:15 2003 : Debug: modcall: group authenticate returns
> ok
> for request 0
> Tue Nov 11 17:30:15 2003 : Auth: Login OK: [wer] (from client bill
> port
> 37 cli 000dbd05196d)
> Sending Access-Challenge of id 50 to xxx.xxx.xxx.xxx:1074
> EAP-Message = 0x010300061920
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x7ccfeaae99381eb63b6fa53680227296
> EAP-Message = 0x010300061920
> State = 0x6c5e42fb077a8f93a4122d3835f9a2f7
> Tue Nov 11 17:30:15 2003 : Debug: Finished request 0
> Tue Nov 11 17:30:15 2003 : Debug: Going to the next request
> Tue Nov 11 17:30:15 2003 : Debug: --- Walking the entire request list
> ---
> Tue Nov 11 17:30:15 2003 : Debug: Waking up in 6 seconds...
> Tue Nov 11 17:30:21 2003 : Debug: --- Walking the entire request list
> ---
> Tue Nov 11 17:30:21 2003 : Debug: Cleaning up request 0 ID 50 with
> timestamp 3fb162f7
> Tue Nov 11 17:30:21 2003 : Debug: Nothing to do. Sleeping until we
> see
> a request.
>
> >From this point on things just hang out. windows ends up thinking it
> is
> enabled, all the while it never got its attributes. The AP reports
> that
> there is an "eap pending".
>
> My user looks like this.
>
> wer User-Password == "testtest"
> Framed-IP-Address = xxx.xxx.xxx.234
> Framed-IP-Netmask = 255.255.255.255
>
> I compiled with openssl 0.9.7c
>
> I think my certs are fine (the root was installed on the client)
> though
> I don't know if I need to compile with openssl 0.9.7beta3 or not to
> use
> peap. Also I was not sure what the "DH" file is, does Diffie-Hellman
> want to store dynamic keys there? Should it just be an empty file
> ("dh_file =" under tls {})?
>
> Any obvious words of wisdom or did I not provide enough information?
>
> Thank you,
>
> -=Bill
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -----------------------------------------------------
> This message is intended only for certain recipients and may be
> privileged or confidential. If you have received it in error, please
> notify sender and delete it without making or retaining a copy.
> -----------------------------------------------------
> <<<<*P*H*L*>>>>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
