Alexandros Gougousoudis wrote:
I have been seeing the SAME thing, in a way, from my one XP home client (my laptop came with Vista, and I didn't care to move off it): one day the WLAN connected to my wireless network, the next day it didn't. I suspected it was XP SP3 but didn't dig too much into it, as wired worked. I tested the setup last night, and in short what I was seeing from my Radius (in debug mode: radiusd -X) was that the EAP-TLS was established, the user name was passed (but didn't match the proper realm, so that was discarded) and radius sent back a radius-challenge to my WAP, and then on to the client, and nothing ever came back. A few minutes later, I would get a Radius access request and repeat it, over and over and over. I get prompted for the proper certs, and so forth, after tinkering with it for a little bit, but it still hasn't connected. Frustrating problem that I haven't seen a solution to yet, which is similar to this problem, though slightly different.

Hi,

just to give an update on my efforts to make XP SP3 work with EAP-TLS.

Machine-based EAP-TLS authentication works fine for WIRED connections, as I wrote in the last mail. BUT that doesn't mean that it works for wireless connections. :-) Before SP3 there wasn't a problem with that; with this alpha version of the service pack, it's not working.

First of all, the things you need to do with the network adapter's profiles using the netsh command aren't working in XP with WLAN profiles, simply because the netsh command doesn't know "netsh wlan ..." (you get an error). Vista knows that context, XP SP3 does not. So there is a freeware utility, zwlancfg, here: http://www.engl.co.uk/products/zwlancfg/index.html

Get that and you can export and import the WLAN profiles. But setting the authentication to

<authMode>machine</authMode>

as with wired connections won't work. You always get a "no certificate found" error (the cert which is ok for wired connections!) and no connection. If the tool zwlancfg is setting up the connection manually, you get an "illegal authmode" error. So you need to have set up the connection with a machineOrUser authmode. It seems there is no machine authmode in XP SP3 anymore.

As written by MS here: http://msdn.microsoft.com/en-us/library/ms706279.aspx

"This element is optional. When authMode is not specified in a profile, a value of |machineOrUser| is used. *Windows XP with SP3 and Wireless LAN API for Windows XP with SP2:* This element will be ignored if it is present in a profile"

But stop! It's not that easy. :-) Because it's Microsoft, it always works a little, but never 100%. If no user is logged in (= login screen), the connection is established (seen in the Radius log). If a user logs in, the connection is dropped and you get a "no cert" error. If the machine cert is included in the user's context, using the cert-mgr, the connection is established again. So I have to install the machine cert for each user who will log in to the computer. And, hey, did I say that machine-based EAP-TLS auth via WLAN worked in SP2, despite the MS information?

It's definitely not a Freeradius problem, but most people will look here to solve the problem. After a lot of googling I found that I must be the only one with that combination and problems.

So SP3 haters, unite! :-) And stay with SP2. And no, I won't buy Vista!

I'll post my solution here as well. If someone would like to give me a hint, I'll be happy.

cu Alex

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

~Seann

