Additionally
Peap goes through about 10 steps in authenticating, I discovered that at about stage 6 the Radius server is awaiting response from the supplicant about its certificate. If the certificate is not loaded or is not ticked in Peap properties the Radius server just sits waiting for a response which never arrives.
I am thinking of using EAP-TLS without Peap as installing Certificates is not really how i'd prefer to secure 100s of laptops.
Unless theres an easier way ?
Regards Dave
----- Original Message ----- From: "Peter Hicks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 20, 2004 4:57 AM
Subject: RE: error authenticating wireless user
What did you do to import the certificate? I know it seems like a dumb
question but I have used the IE import facility yet I am getting the same
TLS_accept error as you reported. I have also tried importing .pem and .der
certificates but it hasn't made a difference.
EAP-TLS works fine so the certificates seem to be loaded properly but I am
willing to try alternative import methods. Is there a reason that TLS would
work but PEAP wouldn't?
Does anyone else have advice, from their experience?
Thanks,
Peter
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, 20 October 2004 1:37 AM To: [EMAIL PROTECTED] Subject: Re: error authenticating wireless user
Hi again,
Ok so now I have the supplicants working after manually setting up the
certificates on the clients.
What is the best way of setting up a certificate server so that this kind of
thing can be done seamlessly ?
Manually adding certificates to 100's of laptops does not sound like my cup
of tea.
Regards Dave
----- Original Message ----- From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 19, 2004 5:02 PM
Subject: Re: error authenticating wireless user
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:I have it setup to use peap and all the configurations seem correct. I have the shared secret set in the clients.conf for the AP and the same key set on the Radius section along with the IP of the server on the AP.
Yup. The debug log shows that everything is configured correctly.
Notice that for some reason the password is not there ?
It's using EAP, which doesn't include the password.
...Sending Access-Challenge of id 134 to 192.168.0.253:1072
What's happening is that the server is going through the EAP conversation, and at some point, the laptop stops responding to it. There's not much you can do to the server to solve that problem.
Alan DEKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
