RE: Freeradius, Cisco Catalyst 2950, Windwos Domain

[�ystein G�sdal]

The WindowsXP supplicant works for me...kinda. It sends requests via my 2950, but i still can't logon, but I guess that has something to do with the configuration on the radius server.   In Network Connections -> <interface card> -> Authentication, it says something like this.   Enable IEEE 802.1x etc. is marked EAP type: Protected EAP (PEAP)   Press the Properties button   Take away the Validate server certificate mark.   Under Select Authentication Method, choose Secured password (EAP-MSCHAP v2)   Do you have the same?   Anyway, does this mean you have been able to authenticate users via a NT domain? What files did you configure to make it work? and what parameters?   - �ystein From: M.Cerqui - PUBLISHERIA [mailto:[EMAIL PROTECTED] Sent: 8. oktober 2004 11:45 To: [EMAIL PROTECTED] Subject: Re: Freeradius, Cisco Catalyst 2950, Windwos Domain Hi �ystein Thanks for your help. I have the Calatlyst already configured like this and even when I turn on the "debug radius" option on the catalyst there is no output before a successful login :-( I now have tried the Aegis Client as Supplicant on Windows and with this supplicant authentication before domain login works perfectly (PEAP). Any other idea? Is the default Microsoft Windows XP supplicant that bad? Cheers Marco �ystein G�sdal wrote: If nothing shows in the radius debug, my guess is that you haven't configured the 2950 properly, i.e you have the wrong ip adress to the radius server. The configuration should look like this: aaa new-model aaa authentication dot1x default group radius radius-server host <radius server ip address> auth-port 1812 acct-port 1813 key <shared key> On the ethernet interface, you shold have this: dot1x port-control auto - �ystein G�sdal -----Original Message----- From: M.Cerqui - PUBLISHERIA [mailto:[EMAIL PROTECTED]] Sent: 4. oktober 2004 21:02 To: [EMAIL PROTECTED] Subject: RE: Freeradius, Cisco Catalyst 2950, Windwos Domain No wireless, wired environment! Authentication is required because the port goes into unauthenticated state and I haven't got any network access. ---------------------------------------- [EMAIL PROTECTED] said... ---------------------------------------- -----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Montag, 4. Oktober 2004 21:07 To: [EMAIL PROTECTED] Subject: Re: Freeradius, Cisco Catalyst 2950, Windwos Domain "M.Cerqui - PUBLISHERIA" <[EMAIL PROTECTED]> wrote: Sorry for my bad english... the problem is, that I can't post any debug information because there isn't any. I start "freeradius -X" and turn "debug radius" on my catalyst on, but with the following windows xp configuration nothing occurs on the server and switch until I have logged in and the desktop is loaded. If the windows box is accessing the network via wireless, without FreeRADIUS being involved, then you haven't configured the AP to require authentication. Fix that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html