Go to the properties for PEAP in Windows XP, click Configure on the bottom
right and uncheck "use my Windows logon name and password".  The default is to
pass the logged-in credentials.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Bob McCormick
> Sent: Friday, April 23, 2004 4:25 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
> 
> 
> WinXP doesn't pop up a dialog box asking for your username 
> and password?
> 
> On Apr 23, 2004, at 2:22 PM, Clayton Dukes wrote:
> 
> > As far as I can tell, the username is getting accepted, but there's nowhere
> > for me to put the user's password in.
> > Does anyone know where the password gets set? I tried setting the password
> > on my laptop thinking it may pull it from the Windows account, but no dice.
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Bob McCormick
> > Sent: Friday, April 23, 2004 3:13 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
> >
> > I don't know much about the LDAP module, but it sure looks like it's not
> > returning a password for the user.
> >
> > Try putting a test user in the users file like this:
> >
> > localpeap       User-Password == "test"
> >
> > See if you can authenticate as that user.
> >
> >
> > On Apr 23, 2004, at 2:03 PM, Clayton Dukes wrote:
> >
> >> That did the trick...
> >> I'm connecting now but getting an Auth failure.
> >> I see where I can set a different username in XP, but where do I set a
> >> password?
> >>
> >> Here's my output:
> >> Waking up in 4 seconds...
> >> rad_recv: Access-Request packet from host 16.19.20.5:59342, id=99, length=147
> >>         User-Name = "cdukes"
> >>         Framed-MTU = 1400
> >>         Called-Station-Id = "000f.8f76.2e20"
> >>         Calling-Station-Id = "0006.25a9.8594"
> >>         Message-Authenticator = 0x9fe1634ba1f815346a56cf48a7dd3d59
> >>         EAP-Message = 0x02010014016364756b65733a6931323639753131
> >>         NAS-Port-Type = Wireless-802.11
> >>         NAS-Port = 263
> >>         Service-Type = Framed-User
> >>         NAS-IP-Address = 10.100.10.10
> >>         NAS-Identifier = "ap-noc"
> >>   Processing the authorize section of radiusd.conf
> >> modcall: entering group authorize for request 35
> >>   modcall[authorize]: module "preprocess" returns ok for request 35
> >>   rlm_eap: EAP packet type response id 1 length 20
> >>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> >>   modcall[authorize]: module "eap" returns updated for request 35
> >>     rlm_realm: No '@' in User-Name = "cdukes", looking up realm NULL
> >>     rlm_realm: No such realm "NULL"
> >>   modcall[authorize]: module "suffix" returns noop for request 35
> >>     users: Matched DEFAULT at 152
> >>     users: Matched DEFAULT at 171
> >>     users: Matched DEFAULT at 218
> >>   modcall[authorize]: module "files" returns ok for request 35
> >> modcall: group authorize returns updated for request 35
> >>   rad_check_password:  Found Auth-Type LDAP
> >> auth: type "LDAP"
> >>   Processing the authenticate section of radiusd.conf
> >> modcall: entering group Auth-Type for request 35
> >> rlm_ldap: - authenticate
> >> rlm_ldap: Attribute "User-Password" is required for authentication.
> >>   modcall[authenticate]: module "ldap" returns invalid for request 35
> >> modcall: group Auth-Type returns invalid for request 35
> >> auth: Failed to validate the user.
> >> Delaying request 35 for 1 seconds
> >> Finished request 35
> >> Going to the next request
> >> --- Walking the entire request list ---
> >> Waking up in 1 seconds...
> >> --- Walking the entire request list ---
> >> Waking up in 1 seconds...
> >> --- Walking the entire request list ---
> >> Sending Access-Reject of id 99 to 16.19.20.5:59342
> >> Waking up in 1 seconds...
> >> --- Walking the entire request list ---
> >> Cleaning up request 34 ID 98 with timestamp 4089758b
> >> Waking up in 3 seconds...
> >>
> >>
> >> TIA!
> >> Regards,
> >> Clayton Dukes
> >> CCNA, CCDA, CCNP, CCDP
> >> Sr. Network Engineer
> >> E Solutions Corp.
> >> http://www.esnet.com
> >> 813.301.2620 (o)
> >> 813.545.7373 (c)
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of Bob McCormick
> >> Sent: Friday, April 23, 2004 2:26 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
> >>
> >> Here's a config template I use for Cisco 1120 AP's.  Try this and see
> >> if it works for you.
> >>
> >>
> >>
> >> !#########################################
> >> ! Basic config template for Cisco IOS Access Points
> >> ! 4/20/2004 - BDM - I've tested it with 1120's but should work with 1200's
> >> !#########################################
> >> !
> >> !
> >> !###############################
> >> ! Remove some junk from the default config that we don't want/need
> >> !##################################
> >> no ip dhcp excluded-address 10.0.0.1 10.0.0.10
> >> no ip dhcp pool local-default-pool
> >> no aaa group server radius rad_mac
> >> no aaa group server radius rad_acct
> >> no aaa group server radius rad_admin
> >> no aaa group server tacacs+ tac_admin
> >> no aaa group server radius rad_pmip
> >> no aaa group server radius dummy
> >> no aaa authentication login mac_methods local
> >> no aaa authorization ipmobile default group rad_pmip
> >> no ip http server
> >> no ip http help-path
> >> !
> >> !
> >> !###########################
> >> ! AAA config for EAP authentication and some radius accounting
> >> !#############################
> >> aaa new-model
> >> aaa authentication login eap_methods group rad_eap
> >> aaa authorization exec default local
> >> aaa accounting network acct_methods start-stop group rad_acct
> >> aaa session-id common
> >> !
> >> aaa group server radius rad_eap
> >>   server <ipaddress> auth-port 1812 acct-port 1813
> >> !
> >> bridge irb
> >> !
> >> interface Dot11Radio0
> >>   no ip address
> >>   no ip route-cache
> >> ! #####   Require wep128 encryption
> >>   encryption mode ciphers wep128
> >>   ! ##### rotate broadcast wep key every 10 minutes
> >>   broadcast-key change 600 
> >> ! ##### Create an SSID named "wifi"
> >> ! ##### Require EAP authentication
> >> ! ##### broadcast the SSID
> >>   ssid wifi
> >>      authentication open eap eap_methods
> >>      guest-mode
> >> ! ###### set the data rates support and/or required by the AP
> >> ! ###### These are the rates recommended by Cisco for best throughput
> >> ! ###### for supporting both 802.11.b and 802.11g
> >>   speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
> >> !
> >>   rts threshold 2312
> >>   station-role root
> >>   no cdp enable
> >> ! ###### Tell the AP to honor the Session-Timeout returned by the Radius server
> >>   dot1x reauth-period server
> >> !
> >>   bridge-group 1
> >>   bridge-group 1 subscriber-loop-control
> >>   bridge-group 1 block-unknown-source
> >>   no bridge-group 1 source-learning
> >>   no bridge-group 1 unicast-flooding
> >>   bridge-group 1 spanning-disable
> >> !
> >> interface FastEthernet0
> >>   no ip address
> >>   no ip route-cache
> >>   bridge-group 1
> >>   no bridge-group 1 source-learning
> >>   bridge-group 1 spanning-disabled
> >>
> >> !
> >> interface BVI1
> >>   ip address <ip address> <subnetmask>
> >>
> >>
> >> !
> >> ip tacacs source-interface BVI1
> >> ip radius source-interface BVI1
> >> radius-server host <ipaddress> auth-port 1812 acct-port 1813 key <key>
> >> radius-server attribute 32 include-in-access-req format %h
> >> radius-server authorization permit missing Service-Type
> >> radius-server vsa send accounting
> >> bridge 1 route ip
> >>
> >>
> >> On Apr 23, 2004, at 1:15 PM, Clayton Dukes wrote:
> >>
> >>> I can see from searching the mailing list that this has been asked
> >>> many times, but what I can't seem to locate are config examples or a
> >>> good howto on setting everything up.
> >>> I have the radius server set up -- and it appears to work on, but I
> >>> am not sure what I am lacking/doing wrong on the AP.
> >>> I have followed the instructions from the following URL:
> >>> http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
> >>> It's a very good guide -- although outdated, I was still able to get
> >>> the radius and client side configured.
> >>> What I see now are no requests from the AP to the radius server when
> >>> I boot up the laptop. The laptop is not able to get to the AP either.
> >>> I also have LDAP auth turned on, when I telnet to the AP the LDAP
> >>> piece communicates fine with the radius server so I know the comms
> >>> are ok.
> >>>
> >>> Does anyone have an example 1100AP config that I can use?
> >>>
> >>>
> >>>
> >>>
> >>> Regards,
> >>> Clayton Dukes
> >>> CCNA, CCDA, CCNP, CCDP
> >>> Sr. Network Engineer
> >>> E Solutions Corp.
> >>> http://www.esnet.com
> >>> 813.301.2620 (o)
> >>> 813.545.7373 (c)
> >>>
> >>>
> >>>
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> 
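
The debug output quoted in this thread shows an Access-Request that carries EAP-Message and no User-Password being handed to Auth-Type LDAP, where rlm_ldap rejects it for lack of User-Password. As an added example (not code from the thread or from FreeRADIUS), this Python script scans such debug output for that pattern; the log text is constructed and the function names are hypothetical.

```python
import re
# Constructed sample, modelled on the debug output quoted in the thread.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10:40000, id=7, length=120
        User-Name = "alice"
        EAP-Message = 0x0201000a01616c696365
  rad_check_password:  Found Auth-Type LDAP
rlm_ldap: Attribute "User-Password" is required for authentication.
rad_recv: Access-Request packet from host 192.0.2.10:40001, id=8, length=60
        User-Name = "bob"
        User-Password = "<redacted>"
  rad_check_password:  Found Auth-Type LDAP
"""

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) = (.*)$')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_requests(log):
    """Split debug output into one dict per received Access-Request."""
    requests = []
    for line in log.splitlines():
        attr, chosen = ATTR.match(line), AUTH_TYPE.search(line)
        if line.startswith("rad_recv:"):
            requests.append({"attrs": {}, "auth_type": None})
        elif requests and chosen:
            requests[-1]["auth_type"] = chosen.group(1)
        elif requests and attr:
            requests[-1]["attrs"][attr.group(1)] = attr.group(2).strip('"')
    return requests

def eap_header(hex_value):
    """Decode only the fixed EAP header fields, not the payload."""
    raw = bytes.fromhex(hex_value[2:])
    return {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
            "length": int.from_bytes(raw[2:4], "big"), "type": raw[4]}

def find_mismatches(log):
    """Flag EAP requests handed to an Auth-Type other than EAP."""
    findings = []
    for req in parse_requests(log):
        attrs, auth_type = req["attrs"], req["auth_type"]
        if ("EAP-Message" in attrs and "User-Password" not in attrs
                and auth_type not in (None, "EAP")):
            findings.append((attrs.get("User-Name"), auth_type,
                             eap_header(attrs["EAP-Message"])))
    return findings

if __name__ == "__main__":
    print(find_mismatches(SAMPLE_LOG))
```

Only the first constructed request is reported: the second also selects Auth-Type LDAP, but it carries a User-Password attribute, so it is a plain password request rather than an EAP conversation.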

