hi
> I tried again. > It worked fine! > The radius server is sending the WEP key to the client and the AP. well, kind of. in fact, the server sends those MPPE keys to the AP, the AP then creates the WEP key and sends it to the client. the client has to create its MPPE keys by himself (they are derived from TLS master secret which is negotiated during the auth) > I also tried session timeout, this also works fine. > Here is the *correct* last response from the radius server: > > Sending Access-Accept of id 17 to 192.168.1.50:1041 > Session-Timeout = 60 > MS-MPPE-Recv-Key = > 0xc86d140abd8a14c351b5f5fe57d1a80fa9f8cb4cd031df826799f6a5ea26a35d0636652e66 > a3d38e20e2c95849b306ebcd12 > MS-MPPE-Send-Key = > 0xc86ea9f84be30702154115cfc2f365ebd9ac7455de3f00e7b35c659ff600f3300396b1b975 > 1dd219fbc95faa9c94452edde4 > EAP-Message = "\003\005\000\004" > Message-Authenticator = 0x00000000000000000000000000000000 > Finished request 9 looks good. you mean session timeout of the radius server? > Sending Access-Accept of id 22 to 192.168.1.50:1046 > Session-Timeout = 60 > MS-MPPE-Recv-Key = > 0x9d74e62ce37e6361a2847632c373ba5628eccc12c6e06ca347b1b9783e1713a0d4ac0c7628 > 97fca4dd2cda40b2351271dab9 > MS-MPPE-Send-Key = > 0x9d73bb620d16b0948f70848be54a316cb2da912aef4a882d2f78bf671f07ecd9ff0a0f6400 > 625289f67f483ca93d8440cce6 > EAP-Message = "\003\006\000\004" > Message-Authenticator = 0x00000000000000000000000000000000 > Finished request 14 > > Where can i find out how these keys are created? in the MS VSA RFC. http://www.freeradius.org/rfc/rfc2548.html, there are also some drafts which describe exactly that (look around on the page) ciao artur -- Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
