-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Artur,
You don't :-) You set the session-timeout in the RADIUS reply. Regards, Guy > -----Original Message----- > From: Artur Hecker [mailto:[EMAIL PROTECTED] > Sent: 26 September 2003 12:56 > To: [EMAIL PROTECTED] > Subject: Re: WPA w/ EAP-TLS against 0.8.1 > > > hi Guy! > > > how can you change the session time in windows? > > thanks, > artur > > > > > Guy Davies wrote: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi Ian, > > > > I've seen something like this when doing MAC authentication. It was > > actually a "feature" of the WinXP/Win2k supplicant which > defaults the > > session time to about 6 seconds! If I explicitly set the > session time to be > > something more useful (1800 seconds is good) then > everything was happy. > > > > Sorry if this is totally unrelated but I thought it might help. > > > > Regards, > > > > Guy > > > > > >>-----Original Message----- > >>From: Ian Pritchard [mailto:[EMAIL PROTECTED] > >>Sent: 26 September 2003 11:42 > >>To: [EMAIL PROTECTED] > >>Subject: WPA w/ EAP-TLS against 0.8.1 > >> > >> > >> > >>Hi, > >> > >>We're running FreeRADIUS version 0.8.1, and have been trying out > >>authentication using a couple of "WPA-capable" 802.11 APs and > >>PCMCIA cards > >>on laptops, with EAP-TLS and certs. > >> > >>We've tried a matrix of the following: > >> > >>Laptops > >>- Win2K SP4 w/ MS 802.1x patch and with Funk Odyssey client > >>- WinXP > >>- EAP-TLS certs installed > >> > >>PCMCIA cards > >>- Linksys WPC54G > >>- SMC2635W > >> > >>APs > >>- Linksys WRT54G > >>- SMC2804WBR > >>- Cisco AP340 > >> > >>All devices running latest possible drivers. > >> > >>Before testing WPA we were running the Cisco AP340 and the > >>Win2K 802.1x auth > >>patch, plus XP. > >> > >>Running either of the two PCMCIA cards, on either the Win2K > >>or WinXP laptop, > >>via the Linksys WRT54G AP, we see behaviour where the AP > >>initiates access > >>request to the FreeRADIUS server, the process runs through as > >>normal, the > >>access accept is sent to the AP, but it then immediately starts > >>authentication again, and you run through the whole process > >>repeatedly, > >>starting again immediately after the accept is sent. Nothing > >>seems abnormal > >>if running FreeRADIUS in debug mode. With the Funk Odyssey > >>client running on > >>Win2K the behaviour is the same. > >> > >>Using the SMC AP, things are more interesting. The SMC AP's > web-based > >>control interface has a "security" main menu, with 802.1x as > >>a sub-menu. If > >>you turn the main security to "WPA/TKIP w/ RADIUS", then the > >>behaviour is as > >>with the Linksys above. However, if you turn it to "No > >>Encryption" (so not > >>even WEP enabled according to its interface), but leave the > >>"enable 802.1x" > >>turned on in the sub-menu, authentication takes place as > >>normal. The SMC > >>client card has client manager software, and if you turn on > >>WPA on the AP, > >>then the client manager shows a "key" symbol (presumably > >>denoting some kind > >>of security) next to the AP, but if you turn off encryption > >>and leave 802.1x > >>turned on, the key goes away. > >> > >>The Cisco AP doesn't have WPA but will do 802.1x as before. > >> > >>We're having trouble reaching a conclusion here (partly > because it's > >>difficult to tell what's happening), and certainly don't > >>think we've got any > >>"WPA" AP/client combination working with WPA/Radius. We had > >>thought that, > >>from an authentication perspective, there was no difference > >>between 802.1x > >>and WPA. > >> > >>Has anyone else managed to get WPA APs and clients running against > >>FreeRADIUS using EAP-TLS? > >> > >> > >>Many thanks, > >> > >> > >>Ian > >> > >>_________________________________________________________________ > >>Help protect your PC. Get a FREE computer virus scan online > >>from McAfee. > >>http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > >> > >> > >>- > >>List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP 8.0 > > > > iQA/AwUBP3Qlno3dwu/Ss2PCEQLQgwCg/vsD8wvFkhBEgcdhP0sJgmu2UzgAn11N > > 1NaRCSe7TQUC9g9L4sj3gFhS > > =yiwB > > -----END PGP SIGNATURE----- > > > > > > > > 30th Telindus International Symposium > > Thursday, October 30, 2003 - Brussels Expo, Belgium > > > > Check out the complete conference programme, exhibition, > > workshops and register now for this high value'must attend' event! > > > > http://www.telindussymposium.com > > <<< > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBP3Q0pI3dwu/Ss2PCEQK/ZQCffwWnxmOll5CFxxDegAlDwNlaNjYAoNEo GSmsMRRmN+Cj5MnwYPgSpJce =9E/H -----END PGP SIGNATURE----- >>> 30th Telindus International Symposium Thursday, October 30, 2003 - Brussels Expo, Belgium Check out the complete conference programme, exhibition, workshops and register now for this high value'must attend' event! http://www.telindussymposium.com <<< - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html