up! (never says die)
================== Ok, i think i really missed something! that config should take less than 15 minutes but i can't solve my problem for more than a week. Alan or Ivan, could you give me a half our to help me to fix my RADIUS EAP-TLS config please. i would like to give you a full access to my network and my terminal too, so the diagnostic should be very very easy for you! is it possible? MBA OYONE Joël Lot. El Firdaous Bât GH20, Porte A 204, Appt 8 20000 Oulfa Casablanca - Maroc Tél. : +212 69 25 85 70 ----- Message d'origine ---- De : Alan DeKok <[EMAIL PROTECTED]> À : FreeRadius users mailing list <[email protected]> Envoyé le : Lundi, 5 Mai 2008, 17h18mn 10s Objet : Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ?? Joel MBA OYONE wrote: ... > The VLAN attributes defined in RFC3580 are as follows: > • Tunnel-Type=VLAN (13) > • Tunnel-Medium-Type=802 > • Tunnel-Private-Group-ID=VLANID > > NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6, > which > is why client entries use 6 for the Tunnel-Medium-Type value. No. For Tunnel-Medium-Type, "802" is a *name*, not a *number*. See Section 3.2 of RFC 2868: ... Value The Value field is three octets and contains one of the values listed under "Address Family Numbers" in [14]. For the sake of convenience, a relevant excerpt of this list is reproduced below. 1 IPv4 (IP version 4) 2 IPv6 (IP version 6) 3 NSAP 4 HDLC (8-bit multidrop) 5 BBN 1822 6 802 (includes all 802 media plus Ethernet "canonical format") ... FreeRADIUS gets it *right*. Many NAS vendors get it *wrong*. > To create a user and assign the user to a particular VLAN by using > FreeRADIUS, open the > etc/raddb/users file, which contains the user account information, and add > for the new user. > The following example shows the entry for a user in the users file. The > username is > “johndoe,” the password is “test1234.” The user is assigned to VLAN 77. > > johndoe Auth-Type: = EAP, User-Password == “test1234" > Tunnel-Type = 13, > Tunnel-Medium-Type = 6, Or: Tunnel-Medium-Type = IEEE-802 .... > > in both cases, it stays on "IDENTITY VALIDATION" in xp wireless management > and sometime i receive the right ip adresss in the right IP Pool. ut lost it > immediately, maybe cause of the repeating cycle of athentication sequence. > AND, the client certificate, signed by the Server (not the CA root) is still > with the same message. > > > hope it would be helpfull !! Arg. Microsoft keeps putting magic nonsense into their OS's to make it difficult to use non-Microsoft RADIUS servers. And yes, this *is* a problem even inside of Microsoft! So if you're finding it a PITA to get it working, rest assured that Microsoft does, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ Do You Yahoo!? En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités http://mail.yahoo.fr Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ Do You Yahoo!? En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités http://mail.yahoo.fr Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
