Thank you Mike, > btw - after you uninstalled SP1, were you able to > obtain a certificate > and authenticate to the network?
Yes, I was successfully install Certificate Authentication. But again, in WinXP (Non SP1) If I select "WEP Enabled" and "Key automatically provided me" then there is No way that I can properly register to the AP-Network. This just works for me: in AP settings, I disabled the WEP key and remove "Full Encryption," of course, it required EAP is also selected. In the WinXP client, I set a profile that register to and AP(SSID) with WEP enabled. It did work, I could obtain an IP adddress from the Network-Radius server thru AP. The thing is in the bottom right will popup the msg saying, click here to logon to the network. I click on that, it popups another dialog box say, Click on Yes to authenticate the certification. after clicking on Yes, my notebook receive an IP. THANKS. PLEASE try your instruction again (with or/and without SP1) along with WEP enabled and "Key provided auto to me." with AP settings WEP key (40bit). Regards, Stefano Y --- Mike van Opstal <[EMAIL PROTECTED]> wrote: > Good point - I haven't really done much testing with > XP SP1, other than > to note that they now require you to give explicit > permission to use > non-WEP 802.11 networks. My laptop just went back to ibm > for repair, so I > won't be able to try anything out immediately. > I'd usually say at this point to disable WEP to do > troubleshooting, > because the 1x authentication process isn't even getting > to the point yet > of key exchange, but I think I remember that SP1 doesn't > allow you to use > 1x without WEP. Thats really what it should do, I'm not > arguing that, but > it makes for some difficulty in troubleshooting. > In the last steps of the access point setup, you must > set a static wep > key just because its what cisco requires, it won't allow > you to set the > full encryption only setting unless you have some kind of > key entered, it > doesn't really matter what the key is. When you set in > the client > configuration to say that a key will be provided for you, > it just means > that the 1x authentication handshake will provide a > dynamic key to the > client. > What you specify in Note2 is the heart of the problem > - I don't know > why the certificate installation fails with SP1, but its > the basis of > your entire authentication problem since it doesn't > appear to be > getting the proper certificate. My gut feeling says > theres > probvably a trust problem, but I can't say for sure. I'm > going to try to > get a hold of an xp box at work today and figure out > whats going on there. > btw - after you uninstalled SP1, were you able to > obtain a certificate > and authenticate to the network? > > - mike > > On Tue, 29 Oct 2002, Stefano Y wrote: > > > Hello Mike, > > > > I did follow exactly as the instructions on website > says. > > > > I am not very clear about the AP settings, at last page > > (../8021x/howto/ap.html): Should I select 40bits and > enter > > 0123456789 (HEX) into Encryption Key, then go back the > WEP > > setup page to select the dropdown "Full Encryption?" > > > > Note: In the WinXP if client select "WEP enabled" and > "The > > Key is provided for me automatically" then user can not > > enter any key to WEP key field. > > > > Note2: WinXP with SP1 client will be not able to > install > > the Certification Authentication, it Can not find to > > download "Direct X Control." After uninstalled SP1 > then > > it's OK to install the Certification Authentication > > > > Thanks for your time. > > > > I am wondering if anyone else were able to follow those > > steps and successfully get Clients work. > > > > Stefano Y > > > > > > > > --- Mike van Opstal <[EMAIL PROTECTED]> wrote: > > > > > You're not getting your ip address because you > weren't > > > able to connect > > > to the network - seemingly because it couldn't find > the > > > proper certificate > > > to authenticate you. Did you select all the > certificate > > > templates to be > > > issued in step four of the server setup? Also make > sure > > > that under your > > > 1x certificate properties (in the connection > properties > > > dialog) that you > > > trust your custom cert authority. > > > > > > - mike > > > -- > general wireless list, a bawug thing > <http://www.bawug.org/> > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
