Did you install user certificates on XP?

Bon sy wrote:

Hi Christian, John, and Mike,

I have a similar problem as John on getting the 802.1X client of
XP to work with the radius via Cisco 350 AP -- except I am looking into
EAP-TLS.


I have the same setup on the 802.1x client side. I follow the
document reference mentioned in eap_tls.cfg for the setup, but no luck. I
talked to Mike and he emailed me the screen shot of the Cisco (340?) AP
set up required to work with the EAP-TLS. I follow that and use the
certificate Hugh mentioned not too long ago for the test. Still no luck.

When I initially config the AP and check both EAP and Mac
authentication in the "security tab" of the AP setup, I kept getting
radius response on MAC authentication, and EAP authentication does not
seem to happen. So, I thought it could be the certificate issue or the AP
just ignores the EAP authentication because MAC authentication is also
checked.


Next what I do is to uncheck MAC authentication and leave only EAP
authentication, and use the test certificate Hugh posted so that it
eliminates the possibility of the problem that is due to certificate
generation. With that, radius does not even get the request response. A
minor side note, I did make sure to use the right certificate in the XP
machine. So, if assuming the screen shot Mike sent me is complete, the
only possible conclusion left is the XP side. But as of now, I could not
find any document addressing similar problems. John's posting is as close
to my problem as I can find.


Does anyone out there have any insights? Thanks in advance!

Bon


On Fri, 7 Mar 2003, Christian Wiedmann wrote:




Your settings sound fine.  I have PEAP authentication working with the same
setup on XP Home (SP1).  I don't think that it matters whether the authenticate
as computer or authenticate as guest boxes are checked (except that obviously
it's going to fail to authenticate if you don't have them configured in
Radiator).

Are you sure you're getting a TLS tunnel?  The TLS tunnel isn't established
until the first identity exchange, which normally only happens after you enter
information in the login window.  If you actually are getting to the TLS stage,
Windows must have credentials from somewhere - double check the MSCHAP-V2
settings to make sure it isn't using your Windows login information.

What AP are you using?  If it is a Linksys WRT51AB or similar, I've discovered
that the AP requires a State attribute to be in the Radius replies.  I've
modified my version of Radiator to add one.  I'm not sure if there is a cfg-
file way of doing this -- I actually modified the perl code.

-Christian

On Fri, 7 Mar 2003, John McFadden wrote:



Date: Fri, 07 Mar 2003 14:16:44 -0500
From: John McFadden <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Anyone get EAP-PEAP on XP to work Radius?

I installed the latest Service Pack on XP to get the built-in 802.1x client but can't seem to get it to
authenticate via Radius. It appears that I get a TLS tunnel but never get a logon popup on XP.


I believe it is some kind of setup issue on XP not Radiator so I just would like to
verify my XP setup before getting into Radiator.


I started the Wireless Zero Config service.

I clicked on the applicable connection and its property button.

In the authentication tab (confirms the Wireless Zero Config installed and running.)
-I clicked on Enable IEEE802.1x
-I selected Protected EAP (PEAP)
-I left off Authenticate as computer
-I left off Authenticate as guest



In the PEAP properties tab.
-I left off validate server certificate - I assume not required for EAP-PEAP? Is this my problem?
-I selected EAP-MSCHAPV2 as authentication method.


In the EAP-MSCHAPV2 properties I left off the use Windows userid, password and domain.

Can someone comment or confirm that this setup should work?



Thanks in advance.

John McFadden




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.







--
************************************************************************
Denis Pavani

CINECA    -    Comunicazioni e Sistemi Distribuiti
NOC - Network Operation Center

phone:+39 0516171953 / fax:+39 0516132198
http://www.cineca.it
************************************************************************
"We are paid to adapt, improvise and reach the objective"
-- Gunny Highway



