From the RASTLS.log in WinXP:"Failing Auth because we got a success/fail without TLV."
The file RASTLS.LOG is the WindowsXP log, obtained by setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASTLS\EnableFileTracing flag to 1.
And if you got the same thing from the log, here's the answer to Mike from Alan Dekok:
Mike Saywell <[EMAIL PROTECTED]> wrote: I can authenticate with XSupplicant under Linux fine, but Windows fails apparently with the error "Failing Auth because we got a success/fail without TLV."
Hmm... it looks like the PEAP module puts the data into a buffer, to be put into the TLS tunnel, but the tls code never looks for it on success/failure.
The functions in eap_tls.c, eaptls_success() and eaptls_fail() have to be updated to look a little more like eaptls_request(). i.e. to call record_minus(), etc, to grab the data from the buffer, and put it into the tunnel.
In the peap section I've tried various combinations of the copy_request_to_tunnel and use_tunneled_reply flags to no avail - including leaving them unspecified.
That won't work, as the code is just wrong.
Hopefully somebody can spot what is probably a silly mis-configuration on my part!
Nope.
PEAP probably works on other systems because they don't look for the "TLV" response code, like they're supposed to. XP does, so it fails when the PEAP module doesn't supply the TLV.
Alan DeKok.
Hope this helps
From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: PEAP authentication very strange problem! PLEASE HELP Date: Thu, 15 Jan 2004 09:09:34 +0100 (MET)
Anybody knows about this problem...? please help if you have an idea!!! thanks a lot
> hello everyone,
> I have a very strange problem while I try to do PEAP authentication...
> I have successfully made TLS authentication, TTLS also works with secureW2
> client, but when I tried to do PEAP authentication, I have a very strange
> problem:
> I am using a snaphot of freeradius from 2004/01/04 ,my supplicant is
> windows XP SP1 with all patch, and when I do PEAP authentication, all is
> fine for freeradius : I have an access accept and MPPE received and send
> key that are printed out. all seems to be good, my AP (which is cisco ap)
> says in the log : "eap authenticated successfull = username ", the same
> message that I had when TLS and TTLS worked.
> But in the same time, in Windows side, I have already the same message :
> "wait for authentication".... and it's not really authenticated because I
> can't do a ping or something like that. I dont have the good message :
> authentication successfull, which appeared with TLS and TTLS.
> But why ??? I really dont understand what is not good here... I think it's
> a problem in windows side, don't you think so?? SI it possible ti be a
> problem with freeradius or my AP ?? please if someone knows, help me!
>
> Renaud Garelli
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
