Hmm, I guess Windows is just caching the details, I'm not sure though.
Infact that does seem to be the case: See http://support.microsoft.com/default.aspx?scid=kb;en-us;828996 Article 823731 contains instructions on how to remove the cache, however it sounds like you would have to do that every time: "There is no option that you can configure in Windows XP to prevent the operating system from storing your credentials." I guess you could cludge it so that the cache is removed every time the machine boots. Or use Linux ;) Cheers, Mike On Sat, Jan 17, 2004 at 09:54:14PM -0500, matt morris wrote: > Hello, Mike. Just a verification: So you replaced "rcode = RLM_MODULE_OK;" > with "rcode = RLM_MODULE_HANDLED;"? I tried that and the winxp supplicant > can indeed connect successfully. However, the user was not prompted for the > username and password on subsequent reboots and can still get access to the > internet after that one successful login. Is that an expected result? (My > desired result should be the user get prompted to authenticate everytime > he/she reboots or loads up winxp in order to gain access. Is that an ip > least time problem, or a cookie/temp file problem or the modifed peap > module's problem? > > TIA > > > >From: Mike Saywell <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: [EMAIL PROTECTED] > >Subject: [PATCH] Re: PEAP authentication very strange problem! PLEASE HELP > >Date: Fri, 16 Jan 2004 02:25:27 +0000 > > > >It took me a while to figure out what was going on here... > > > >Turns out the problem was not as Alan suspected. Seems that a return > >value got tweaked during a re-structuring of the code. > > > >Anyway here's the (very small) patch: > > > >--- peap.c.orig Fri Jan 16 02:01:45 2004 > >+++ peap.c Fri Jan 16 02:02:03 2004 > >@@ -267,7 +267,7 @@ > > DEBUG2(" PEAP: Tunneled authentication was successful."); > > t->status = PEAP_STATUS_SENT_TLV_SUCCESS; > > eappeap_success(handler, tls_session); > >- rcode = RLM_MODULE_OK; > >+ rcode = RLM_MODULE_HANDLED; > > > > /* > > * If we've been told to use the attributes from > > > >I only spotted the change when comparing a version I checked out from > >november which worked ok. I'm not sure if the change was intentional, > >but reversing it gets PEAP working again for me. > > > >Oh btw has something changed in the configure/makefiles recently? > >Just that to compile TLS/TTLS support I currently have to run: > > > >./configure --with-openssl-includes=/usr/include/ > >--with-openssl-libraries=/usr/lib/ > > > >It's only started happening recently, perhaps it's something weird in > >my setup, I'm too tired to care right now ;) > > > >Cheers, > > > >Mike > > > >On Thu, Jan 15, 2004 at 09:37:57AM -0500, matt morris wrote: > >> I read a post from a user named Mike Saywell, stating a similar > >situation > >> with you: > >> > >> >From the RASTLS.log in WinXP: > >> "Failing Auth because we got a success/fail without TLV." > >> > >> The file RASTLS.LOG is the WindowsXP log, obtained by setting the > >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASTLS\EnableFileTracing > >> flag to 1. > >> > >> And if you got the same thing from the log, here's the answer to Mike > >from > >> Alan Dekok: > >> > >> >>Mike Saywell <[EMAIL PROTECTED]> wrote: > >> >>I can authenticate with XSupplicant under Linux fine, but Windows > >fails > >> >>apparently with the error "Failing Auth because we got a success/fail > >> >>without TLV." > >> > >> > Hmm... it looks like the PEAP module puts the data into a buffer, to > >> >be put into the TLS tunnel, but the tls code never looks for it on > >> >success/failure. > >> > >> >The functions in eap_tls.c, eaptls_success() and eaptls_fail() have > >> >to be updated to look a little more like eaptls_request(). i.e. to > >> >call record_minus(), etc, to grab the data from the buffer, and put it > >> >into the tunnel. > >> > >> >>In the peap section I've tried various combinations of the > >> >>copy_request_to_tunnel and use_tunneled_reply flags to no avail - > >> >>including leaving them unspecified. > >> > >> >That won't work, as the code is just wrong. > >> > >> >>Hopefully somebody can spot what is probably a silly mis-configuration > >> >> on my part! > >> > >> >Nope. > >> > >> >PEAP probably works on other systems because they don't look for the > >> >"TLV" response code, like they're supposed to. XP does, so it fails > >> >when the PEAP module doesn't supply the TLV. > >> > >> >Alan DeKok. > >> > >> Hope this helps > >> > >> >From: [EMAIL PROTECTED] > >> >Reply-To: [EMAIL PROTECTED] > >> >To: [EMAIL PROTECTED] > >> >Subject: Re: PEAP authentication very strange problem! PLEASE HELP > >> >Date: Thu, 15 Jan 2004 09:09:34 +0100 (MET) > >> > > >> >Anybody knows about this problem...? please help if you have an idea!!! > >> >thanks a lot > >> > > >> >> hello everyone, > >> >> I have a very strange problem while I try to do PEAP > >authentication... > >> >> I have successfully made TLS authentication, TTLS also works with > >> >secureW2 > >> >> client, but when I tried to do PEAP authentication, I have a very > >> >strange > >> >> problem: > >> >> I am using a snaphot of freeradius from 2004/01/04 ,my supplicant is > >> >> windows XP SP1 with all patch, and when I do PEAP authentication, all > >is > >> >> fine for freeradius : I have an access accept and MPPE received and > >send > >> >> key that are printed out. all seems to be good, my AP (which is cisco > >> >ap) > >> >> says in the log : "eap authenticated successfull = username ", the > >same > >> >> message that I had when TLS and TTLS worked. > >> >> But in the same time, in Windows side, I have already the same > >message : > >> >> "wait for authentication".... and it's not really authenticated > >because > >> >I > >> >> can't do a ping or something like that. I dont have the good message > >: > >> >> authentication successfull, which appeared with TLS and TTLS. > >> >> But why ??? I really dont understand what is not good here... I think > >> >it's > >> >> a problem in windows side, don't you think so?? SI it possible ti be > >a > >> >> problem with freeradius or my AP ?? please if someone knows, help me! > >> >> > >> >> Renaud Garelli > >> >> > >> >> > >> >> - > >> >> List info/subscribe/unsubscribe? See > >> >> http://www.freeradius.org/list/users.html > >> >> > >> > > >> > > >> >- > >> >List info/subscribe/unsubscribe? See > >> >http://www.freeradius.org/list/users.html > >> > >> _________________________________________________________________ > >> The new MSN 8: advanced junk mail protection and 2 months FREE* > >> > >http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca > >> > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > _________________________________________________________________ > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. > http://join.msn.com/?page=features/virus&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
