Hi. I have been stuck on this problem for quite a long time; I hope you can help me.
I have a wireless network using WPA-Enterprise, with EAP-TLS using radius 1.0.2. The system has been working well so far, using Windows XP clients and Linux with wpasupplicant with no problems. In the last month I've been having problems making new Windows XP clients connect to the network, even though old installations of Windows XP SP2 are still working well. The OEM Windows XP on the new machines doesn't interoperate correctly with freeradius, or so it seems. The non-working machines get stuck in the authentication phase and seem to loop the requests all the time.

I've tried upgrading freeradius from 1.0.2 to 1.1.3, but the problem still persists: "old" machines connect without any problem but new ones get stuck.

Both client and server certificates have the OIDs referred to in the documentation:

Client:

    # /home/soft-local/openssl-0.9.8c/bin/openssl x509 -in /tmp/personal.pem -noout -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 206 (0xce)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=ES, ST=Barcelona, L=Barcelona, O=Universitat Politecnica de Catalunya, OU=Departament de Llenguatges i Sistemes Informatics, CN=Laboratori de Calcul de LSI/[EMAIL PROTECTED]
            Validity
                Not Before: Sep 5 10:15:15 2006 GMT
                Not After : Dec 1 08:00:00 2006
            Subject: C=ES, ST=Barcelona, L=Barcelona, O=UPC, OU=LSI, CN=marcos/[EMAIL PROTECTED]
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Extended Key Usage:
                    TLS Web Client Authentication
        Signature Algorithm: md5WithRSAEncryption

Server:

    # /home/soft-local/openssl-0.9.8c/bin/openssl x509 -in /home/soft-local/freeradius-1.1.3/etc/raddb/certs/cert-srv.pem -noout -text
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 153 (0x99)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=ES, ST=Barcelona, L=Barcelona, O=Universitat Politecnica de Catalunya, OU=Departament de Llenguatges i Sistemes Informatics, CN=Laboratori de Calcul de LSI/[EMAIL PROTECTED]
            Validity
                Not Before: Mar 15 11:13:27 2006 GMT
                Not After : Mar 15 11:13:27 2007 GMT
            Subject: C=ES, ST=Barcelona, L=Barcelona, O=Departament de Llenguatges i Sistemes Informatics, OU=Laboratori de Caulcul de LSI, CN=Servei Wireless de LCLSI/[EMAIL PROTECTED]
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication
        Signature Algorithm: md5WithRSAEncryption

And the traces of the server:

- Working on an "old" machine, attached as http://www.lsi.upc.edu/~marcos/correcto.txt
- Non-working on a "new" machine, attached as http://www.lsi.upc.edu/~marcos/incorrecto.txt

Thank you all.
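The Extended Key Usage check that the post does by reading the two dumps, as an added example that is not part of the original message: it parses `openssl x509 -noout -text` output and confirms that each certificate carries the purpose its EAP-TLS role needs. The function names are hypothetical and the sample dumps are constructed excerpts shaped like the ones above.

```python
import re

# OpenSSL display names for the two EKU purposes and their OIDs.
EKU = {"client": ("TLS Web Client Authentication", "1.3.6.1.5.5.7.3.2"),
       "server": ("TLS Web Server Authentication", "1.3.6.1.5.5.7.3.1")}

# Constructed excerpts shaped like the dumps in the post (not the full output).
CLIENT_DUMP = """\
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
    Signature Algorithm: md5WithRSAEncryption
"""
SERVER_DUMP = CLIENT_DUMP.replace("Client", "Server")
# Constructed negative case: a certificate text with no EKU extension.
NO_EKU_DUMP = """\
    Data:
        Version: 3 (0x2)
    Signature Algorithm: md5WithRSAEncryption
"""

def extended_key_usages(text):
    """Return the EKU purposes listed in `openssl x509 -noout -text` output."""
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        # The header may carry a trailing "critical"; values follow on the next line.
        if re.match(r"\s*X509v3 Extended Key Usage:", line):
            return [p.strip() for p in lines[i + 1].split(",") if p.strip()]
    return []

def check_role(text, role):
    """Return (ok, message) for role 'client' or 'server'."""
    name, oid = EKU[role]
    found = extended_key_usages(text)
    if not found:
        return False, f"{role}: no Extended Key Usage extension present"
    # Accept the display name or the dotted OID.
    if name in found or oid in found:
        return True, f"{role}: has {name} ({oid})"
    return False, f"{role}: EKU {found} lacks {name} ({oid})"

if __name__ == "__main__":
    for role, dump in (("client", CLIENT_DUMP), ("server", SERVER_DUMP),
                       ("server", CLIENT_DUMP), ("client", NO_EKU_DUMP)):
        print(check_role(dump, role)[1])
```
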