(SOLVED) Re: PEAP or TTLS and Microsoft Vista.

Thu, 24 Jul 2008 07:01:38 -0700 

Phil Mayers wrote:

Lech Karol Pawłaszek wrote:

SecureW2 (List) wrote:

http://msdn.microsoft.com/en-us/library/aa813696(VS.85).aspx


Nice article. However I don't understand a few things. What's "pdb
<pdbpath>"? I'm not good at Windows.



Good lord... they've made the EAP logging *worse*. I didn't think that 
was possible.


:-)

[...]

So, all is good. But about 5 seconds later:

[2108] 12:04:03.819 OneXIndicatePacket

[2108] 12:04:03.819 Port(38): Received an Eap packet length=5, 
type=EapRequestId, identifier=11, eapType=0

<snip>

[4924] 12:04:03.820 Port(38): Restarting authentication due to reason = 
PeerInitiated


similarly in eaphost.txt:


[3432] 12:04:03.831 Received an identity request packet without an 
active session - restart auth


Are you sure the problem is what you think it is?



Ok. You rock. It's 3com's fault. At least I believe so. I've upgraded 
3com 4500 switch firmware to the newest version on my test switch and 
when "user handshaking" is disabled everything works.



FWIW the previous firmware (which I use on production atm) doesn't have 
an option to disable user handshaking. Pity.



And to be clear - ALL OTHER OSes (namely MacOsX 10.4 Tiger, MacOsX 10.5 
Leopard, GNU/Linux <<a few ubuntu, fedora and debian systems>> and MS 
Windows XP <<exluding SP3>>) work with this feature enabled.


[...]

Can you get a trace from both the windows machine and FreeRadius run 
under "-X" at the *same time*? The "freeradius.log" in your original 
email does not appear to be the same issue - that looks more like there 
are no compatible EAP types at both ends.



Hm. The original "freeradius.log" contains logs when I tried to 
authenticate using Vista's built-in PEAP supplicant. Which - I suppose - 
says that Vista doesn't like my certificate.



OTOH "freeradius-securew2.log" contains logs when I tried to use 
secureW2 EAP suite which showed server-side of this issue. I was able to 
connect. Work for a minute or so. And suddenly... switch sends 
'handshake packet' which confuses Vista... and connection is dropped.



Anyway. Thanks everyone for help. I'll make some more testing and try to 
update firmware on production. I'll let you know if everything will be ok.


Kind regards,

--
Lech Karol Pawłaszek <ike>
"You will never see me fall from grace" [KoRn]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
























					Reply via email to