Hi, i'm trying FreeRADIUS with HostAP and OpenLDAP to build a 'secure' AP. I've configured it to work with EAP-TLS and it work's fine with the Windows XP supplicant. But if I configure it to work with EAP-MD5, it seems not to work: - the Windows XP client is configured with EAP-MD5 - it takes login and password from user - FreeRADIUS seems to validate him correctly (here is the log):
rad_recv: Access-Request packet from host 192.168.49.222:1029, id=3, length=231 User-Name = "Nombre2 Apellido2" NAS-IP-Address = 192.168.49.222 NAS-Port = 1 Called-Station-Id = "00-50-C2-10-92-82:SecureAP" Calling-Station-Id = "00-0B-46-26-1B-E2" Framed-MTU = 2304 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = "\002\004\000'\004\020\226f\026\271\\\235\202\247\206~^\367\026pV\242Nombre2 Apellido2" State = 0x548fc174e88138adeecadde08ef4263f2e078b3ee6798cd2f2fd877659244ef7889a108c Message-Authenticator = 0x3da5ed71acd933e4d3f404747dae12ee modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_ldap: - authorize rlm_ldap: performing user authorization for Nombre2 Apellido2 radius_xlat: '(uid=Nombre2 Apellido2)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=Nombre2 Apellido2) rlm_ldap: Added password izadisan in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusExpiration as Expiration, value 11 & op=21 rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user Nombre2 Apellido2 authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - md5 rlm_eap: processing type md5 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Accept of id 3 to 192.168.49.222:1029 EAP-Message = "\003\004\000\004" Message-Authenticator = 0x00000000000000000000000000000000 Finished request 30 Going to the next request Waking up in 6 seconds... - Windows XP client thinks itself it's authenticated, because don't try to login more - but the network is not accesible for the client... Which could be the problem ? Israel Cárdenas Romero - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html