Go to 802.1x XP supplicant configuration. Below the box where you choose between certificate and PEAP authentication is a button Properties. Click on that and uncheck the Validate server certificate box.
Ivan Kalik Kalik Informatika ISP Dana 16/5/2008, "William E. Russell" <[EMAIL PROTECTED]> piše: >All, > >We are trying to setup WPA2 Enterprise authentication to work with the >FreeRadius server. We have configured EAP-PEAP authentication. We have >installed all the certificates and corrected the EAP.conf certificate paths. >We tried to connect from the supplicant from Windows XP. Windows asked for >the login/password and this is the output of the radiusd -X. The user is >configured in the users file. We couldn't see any error, however the >authentication didn't succeed. > >Can anyone help? > >---------- >Listening on authentication address * port 1812 >Listening on accounting address * port 1813 >Listening on proxy address * port 1814 >Ready to process requests. > User-Name = "Sushil" > NAS-IP-Address = 172.27.10.54 > Called-Station-Id = "001d7ef3e8d2" > Calling-Station-Id = "0019d24ee9a8" > NAS-Identifier = "001d7ef3e8d2" > NAS-Port = 15 > Framed-MTU = 1400 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x0202000b0153757368696c > Message-Authenticator = 0x8ee1244bc3cdc5889f20f495cfb28373 >+- entering group authorize >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop > rlm_realm: No '@' in User-Name = "Sushil", looking up realm NULL > rlm_realm: No such realm "NULL" >++[suffix] returns noop > rlm_eap: EAP packet type response id 2 length 11 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated >++[unix] returns notfound > users: Matched entry Sushil at line 126 >++[files] returns ok >++[expiration] returns noop >++[logintime] returns noop >rlm_pap: Found existing Auth-Type, not changing it. >++[pap] returns noop > rad_check_password: Found Auth-Type EAP >auth: type "EAP" >+- entering group authenticate > rlm_eap: EAP Identity > rlm_eap: processing type tls > rlm_eap_tls: Initiate > rlm_eap_tls: Start returned 1 >++[eap] returns handled > EAP-Message = 0x010300061920 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0xe5e45815e5e741bebb28e527c6b37a8d >Finished request 0. >Going to the next request >Waking up in 4.9 seconds. >Cleaning up request 0 ID 1 with timestamp +35 >Ready to process requests. > User-Name = "Sushil" > NAS-IP-Address = 172.27.10.54 > Called-Station-Id = "001d7ef3e8d2" > Calling-Station-Id = "0019d24ee9a8" > NAS-Identifier = "001d7ef3e8d2" > NAS-Port = 15 > Framed-MTU = 1400 > NAS-Port-Type = Wireless-802.11 > EAP-Message = 0x0200000b0153757368696c > Message-Authenticator = 0xc7c1127b55267c9b175f4af387037759 >+- entering group authorize >++[preprocess] returns ok >++[chap] returns noop >++[mschap] returns noop > rlm_realm: No '@' in User-Name = "Sushil", looking up realm NULL > rlm_realm: No such realm "NULL" >++[suffix] returns noop > rlm_eap: EAP packet type response id 0 length 11 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation >++[eap] returns updated >++[unix] returns notfound > users: Matched entry Sushil at line 126 >++[files] returns ok >++[expiration] returns noop >++[logintime] returns noop >rlm_pap: Found existing Auth-Type, not changing it. >++[pap] returns noop > rad_check_password: Found Auth-Type EAP >auth: type "EAP" >+- entering group authenticate > rlm_eap: EAP Identity > rlm_eap: processing type tls > rlm_eap_tls: Initiate > rlm_eap_tls: Start returned 1 >++[eap] returns handled > EAP-Message = 0x010100061920 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0xabace459abadfd4a371c1e7c34cafda3 >Finished request 1. >Going to the next request >Waking up in 4.9 seconds. >Cleaning up request 1 ID 1 with timestamp +144 >Ready to process requests. > >William E. W. Russell >Member of Technical Staff (Software Development) >198 Brighton Avenue >Long Branch, New Jersey 07740 >Home #: 732-752-2037 >Cell #: 732-744-6483 > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >rg] On Behalf Of [EMAIL PROTECTED] >Sent: Wednesday, May 14, 2008 2:11 PM >To: FreeRadius users mailing list >Subject: Re: freeRADIUS and WPA-2 Enterprise > >Hi, >> All, >> >> I have recently set up a freeRADIUS v2 server and would like some help >> configuring the server to use WPA-2 Enterprise. I was wondering if anyone >> had any tutorials, .conf files, etc. that would assist me in setting up my >> server with the correct configuration. I have noticed some help on the >> Internet, but most of the help is directed towards freeRADIUS v1, so I >need >> v2-specfic help. Thanks. > >a lot of the things regarding authorization, authentication, >SQL and LDAP is true for v2 as it is for v1 > >when you say 'set up a freeradius v2 server' what have you done? >ouyt of the box as a straight install, FR2 is ready to handle >WPA2-enterprise. all you need to do is install your own certs, >or make the default ones longer lasting and suitable for you (by >editing the server.cnf and client.cnf stuff and rerunning the >bootstrap), then add NAS devices to clients.conf and ensure >that the authentication you want to use is configured correctly. > >whatever you do, dont madly hack and edit down the default config files! > >alan >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
