Hi All, according to my experiments, XP will never ask for certificate, login or password details for any EAP type for a wireless or 802.1x LAN connection _unless_ the 'Show icon in notification area when connected' option is enabled in XP.
Cheers. On Sun, 9 Mar 2003 12:36 am, Bon sy wrote: > Hi Christian, John, and Mike, > > I have a similar problem as John on getting the 802.1X client of > XP to work with the radius via Cisco 350 AP -- except I am looking into > EAP-TLS. > > I have the same setup on the 802.1x client side. I follow the > document reference mentioned in eap_tls.cfg for the setup, but no luck. I > talked to Mike and he emailed me the screen shot of the Cisco (340?) AP > set up required to work with the EAP-TLS. I follow that and use the > certificate Hugh mentioned not too long along for the test. Still no luck. > > When I initially config the AP and check both EAP and Mac > authentication in the "security tab" of the AP setup, I kept getting > radius response on MAC authentication, and EAP authentication does not > seem to happen. So, I thought it could be the certificate issue or the AP > just ignore the EAP authentication because MAC authentication is also > checked. > > Next what I do is to uncheck MAC authentication and leave only EAP > authentication, and use the test certificate Huge posted so that it > eliminates the possibility of the problem that is due to certificate > generation. With that, radius does not even get the rquest response. A > minor side note, I did make sure to use the right certificate in the XP > machine. So, if assuming the screen shot Mike sent me is complete, the > only possible conclusion left is the XP side. But as of now, I could not > find any document addressing similar problems. John's posting is as close > to my problem as I can find. > > Anyone out there has any insights? Thanks in advance! > > Bon > > On Fri, 7 Mar 2003, Christian Wiedmann wrote: > > Your settings sound fine. I have PEAP authentication working with the > > same setup on XP Home (SP1). I don't think that it matters whether the > > authenticate as computer or authenticate as guest boxes are checked > > (except that obviously it's going to fail to authenticate if you don't > > have them configured in Radiator). > > > > Are you sure you're getting a TLS tunnel? The TLS tunnel isn't > > established until the first identity exchange, which normally only > > happens after you enter information in the login window. If you actually > > are getting to the TLS stage, Windows must have credentials from > > somewhere - double check the MSCHAP-V2 settings to make sure it isn't > > using your Windows login information. > > > > What AP are you using? If it is a Linksys WRT51AB or similar, I've > > discovered that the AP requires a State attribute to be in the Radius > > replies. I've modified my version of Radiator to add one. I'm not sure > > if there is a cfg- file way of doing this -- I actually modified the perl > > code. > > > > -Christian > > > > On Fri, 7 Mar 2003, John McFadden wrote: > > > Date: Fri, 07 Mar 2003 14:16:44 -0500 > > > From: John McFadden <[EMAIL PROTECTED]> > > > To: [EMAIL PROTECTED] > > > Subject: (RADIATOR) Anyone get EAP-PEAP on XP to work Radius? > > > > > > I installed lastest Service Pack on XP to get the built in 802.1x > > > client but can't seem to get it to > > > authenticate via Radius. It appears that I get a TLS tunnel but never > > > get a logon popup on XP. > > > > > > I believe it is some kind of setup issue on XP not Radiator so I just > > > would like to > > > verify my XP setup before getting into Radiator. > > > > > > I started the Wireless Zero Config service. > > > > > > I clicked on the applicable connection and it's property button. > > > > > > In the authentication tab (confirms the Wireless Zero Config installed > > > and running.) > > > -I clicked on Enable IEEE802.1x > > > -I selected Protected EAP (PEAP) > > > -I left off Authenticate as computer > > > -I left off Authenticate as guest > > > > > > > > > In the peap properties tabe. > > > -I left off validate server certficate - I assume not required for > > > EAP-PEAP? Is this my problem? > > > -I selected EAP-MSCHAPV2 as authentication method. > > > > > > In the EAP-MSCHAPV2 properities I left off the use Windows userid, > > > password and domain. > > > > > > Can someone comment confirm this setup should work? > > > > > > > > > > > > Thanks in advance. > > > > > > John McFadden > > > > > > > > > > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
