Ok. i made an upgrade, but when i test it without certificate verification Windows 7 is not asking me for user and password, but sends "host/name_of_the_host". I unchecked in connect properities to use same login and password as I log in into machine..
-----Original Message----- From: freeradius-users-bounces+k.srokowski=gdansk.gda...@lists.freeradius.org [mailto:freeradius-users-bounces+k.srokowski=gdansk.gda...@lists.freeradius. org] On Behalf Of Alan DeKok Sent: Wednesday, October 20, 2010 9:03 AM To: FreeRadius users mailing list Subject: {Spam?} Re: Freeradius 1.2.3 and Windows 7 Krzysztof Srokowski wrote: > I`m sorry, I`m using pfSense release 1.2.3, with freeradius package 1.1.2_1 (latest) Uh... upgrade. 1.1.2 is *very* old. It's very likely that it won't work with recent versions of Windows. Fixes to work around Windows "issues" went into later versions of the server, and aren't in 1.1.2. > Below I describe my configuration; > > 1. pfSense with freeradius 1.1.2_1 > 2. Access Point Linksys WRT54G > 3. Clients Windows XP SP3 and Windows 7 > > My goal was to create WiFi access with WPA2 (AES) + EAP-PEAP(MSCHAPv2). For tests I generated server certificate from my own CA. Both certificates CA certificate, and server certificate was transferred to freeradius server and configured in eap.conf file in tls section. I made also other configurations to use peap protocol and mschapv2. > > The second step was the clients. My root CA certificate was installed to certificate repo in system. I checked all required options in connection properities like (use WPA2 with AES, PEAP, verify server certificate also with root CA certificate which was imported before). When I tried to connect from XP client everything is fine, client is authorized and connection works without problem. But from Windows 7 client its not. Same configuration, same settings, and I get error in radius.log: > > ---- > " Tue Oct 19 13:01:06 2010 : Error: TLS Alert read:fatal:unknown CA > Tue Oct 19 13:01:06 2010 : Error: TLS_accept:failed in SSLv3 read > client certificate A > Tue Oct 19 13:01:06 2010 : Error: rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Tue Oct 19 13:01:06 2010 : Error: rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails. > Tue Oct 19 13:01:06 2010 : Auth: Login incorrect: > [host/um4910142413/<no User-Password attribute>] (from client WRT54G port 35 cli 000e2e950bbd) " <shrug> Those error messages are pretty definitive. In any case, I wouldn't bother trying to track down the problem. Install 2.1.10, and then follow the EAP / Windows instructions on my web site: http://deployingradius.com Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html