hi

> I am setting up a wireless network using FreeRadius and ORINOCO AP-2000 access points. I am trying to set up EAP/TLS for auth and encryption.
talking about encryption: are you sure that Orinoco AP-2000 supports the dynamic WEP key generation? the RADIUS-attributes needed to do so (EAP TLS happens between your supplicant, i.e. winxp, and freeradius, but WEP happens between supplicant and AP, i.e. you have to support some kind of communication between freeradius and AP, and thus, this has to be done by radius-attributes) are proprietary (and called MS-MPPE-*-Key, where * = {Send, Receive}). please ensure that those are understood and treated correctly by your AP if you want to use "encryption" as you said.


> At this point, I have the supplicant successfully connecting to the AP. FreeRadius then authenticates the user and reports an Access Accept. A few seconds later the XP supplicant disconnects from the AP and requests that I select my wireless network to logon again. Throughout this
you should check the WEP configuration on both the AP and the supplicant. i would first deactivate every encryption whatsoever (no WEP, no keys, no encryption in both the AP and the supplicant, 802.1x active, the newest draft, EAP required for open authentication) in order to ensure that the 802.1x by EAP/TLS works as it should. then i would try to verify what has been said before.


> process, no packets are sent to the network behind the APs besides the auth info to the FreeRadius server. My understanding is that at the point of auth, the FreeRadius server, AP, and supplicant negotiate a WEP key based on the session key data. It seems that this isn't happening which is causing the client to disconnect. As I am not getting any errors on the Radius server, AP, or client that indicates the source of the problem, I'm not sure where to start looking. The question is, is this a problem with FreeRadius not negotiating properly, the AP not transmitting the data, or the supplicant not processing the auth properly? Has anyone seen this problem yet or am I just the lucky first?
actually, AP doesn't negotiate anything. it gets the key material provided by the radius server, the only instance it can trust due to the pre-shared (radius-) secret.


ciao
artur


--
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr Département Informatique et Réseaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
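
Added example, not part of the original message or of FreeRADIUS: a Python check for whether a captured Access-Accept carries the MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes discussed above, and how the AP recovers the keys with the shared RADIUS secret (RFC 2548). The function names, the sample packet, the keys and the secret are all constructed for illustration, and the response authenticator in the sample is left as zeros and not verified.

```python
import hashlib
import struct

MS_VENDOR_ID = 311  # Microsoft vendor id (RFC 2548)
MPPE_TYPES = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

def find_mppe_keys(packet):
    """Return {name: salt + ciphertext} for MPPE key attributes in an Access-Accept."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:  # Vendor-Specific
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == MS_VENDOR_ID and vtype in MPPE_TYPES:
                found[MPPE_TYPES[vtype]] = value[6:4 + vlen]
        pos += alen
    return found

def mppe_crypt(data, secret, request_auth, salt, decrypt):
    """RFC 2548 hiding: XOR with MD5(secret + previous ciphertext block)."""
    out, prev = b"", request_auth + salt
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        prev = data[i:i + 16] if decrypt else block  # always chain on ciphertext
        out += block
    return out

def decrypt_mppe_key(blob, secret, request_auth):
    """Recover the key as the AP would; request_auth comes from the Access-Request."""
    salt, cipher = blob[:2], blob[2:]
    if len(salt) < 2 or not salt[0] & 0x80 or not cipher or len(cipher) % 16:
        raise ValueError("malformed MPPE key attribute")
    plain = mppe_crypt(cipher, secret, request_auth, salt, True)
    if plain[0] > len(plain) - 1:
        raise ValueError("bad key length (wrong shared secret?)")
    return plain[1:1 + plain[0]]

def constructed_accept(secret, request_auth):
    """Constructed sample: Access-Accept with two made-up 16-byte keys."""
    attrs = b""
    for vtype, key, salt in ((16, b"S" * 16, b"\x80\x01"), (17, b"R" * 16, b"\x80\x02")):
        plain = bytes([len(key)]) + key + b"\x00" * 15  # pad to 32 bytes
        data = salt + mppe_crypt(plain, secret, request_auth, salt, False)
        attrs += struct.pack("!BBIBB", 26, 8 + len(data), MS_VENDOR_ID, vtype, 2 + len(data)) + data
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs
```

An empty result from `find_mppe_keys` on a real Access-Accept means the server is not sending key material at all; a `ValueError` or garbage from `decrypt_mppe_key` points at a shared-secret mismatch between server and AP.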

