On Thursday 06 of May 2010 14:23:52 Bjorge Solli wrote: > Info: www.eduroam.org, www.eduroam.no > Setup: we have two Win2k3 servers as authenticators for our two domains > (students and staff) and one had this patch and the other didn't: > http://support.microsoft.com/kb/948963 > The domain with the patch failed to authenticate and removing the patch > solved the problem. > The patch adds " TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA and the > TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA AES". > This patch is backported from Win Server 2008.. >
Thanks for the info. It's good to know that it works without the hotfix on Windows. In that case, RC4-based cipher is probably used. Nevertheless, it is ironic that with the hotfix the negotiation is not successful, because it's meant to improve cooperation with OpenSSL. > Our problem is solved for now, but maybe someone should try to solve the > underlying problem? I have attached the wpa_supplicant log of a failing > connection. > I don't know what the actual problem is, but TLS/SSL handshake was not successful. If you have a chance to capture packets with Wireshark (or something) in not- working case, it would help to identify issues in SSL handshake. BTW, what distributions do you use? What are the versions of NM, wpa_supplicant and OpenSSL? Searching a bit on the problem, there could be a bug in older versions of wpa_supplicant. > Please cc to me on replies as I don't read the list every day. > > On 27/04/10 13:30, Jirka Klimes wrote: > > You can follow instructions in section "Debugging WiFi Connections" on > > http://live.gnome.org/NetworkManager/Debugging > > Thanks! > > - Bjørge Jirka _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
