Re: WindowsXP EAP-MD5 authentication problem

Thu, 26 Feb 2004 01:15:22 -0800

hi


Nedialko Dimitrov wrote:

Dear all,

I'm trying to configure
WindowsXP <-- wireless-> Cisco AP1100 <--> FreeRadius
with MD5 authentication following
http://lists.cistron.nl/pipermail/freeradius-users/2002-August/009532.html

ok, that's quite old but it still would be good if WinXP didn't change. if you have SP1, there is no EAP/MD5 anymore. (by the way, there is an updated version of this doc at the FR site under doc).


My WindowsXP client settings are :
Connection properties ->
    Authentication : Enable IEEE 802.1x ...
    EAP type PEAP (the other option is Smart Card or Cetificate)
Properties ->
        Select Auth. Method: EAP-MSCHAP-v2 (the othe options is Smart Card
or Cetificate)

you thus use PEAP/MS-CHAP and not MD5. the version of FR you use is 0.9.3. as far as i know, it does not support PEAP. so, it can't work.

if you want PEAP, grab the latest snapshot. if you want TLS, you can go with what you have but you'll need the certificates and stuff.


  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched user3 at 92
  modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 82 with timestamp 403d3097
Sending Access-Reject of id 83 to 192.168.4.5:21645

My users file record is just:

user3 Auth-Type := Local, User-Password == "cisco"


make away the Auth-Type. you don't need it, if you have the right module in the authorize {} section.

for peap, put ms-chap in the authorize {} list and eap in the authenticate. just provide the password.


ciao
artur



--
__________________________________________________________
Artur Hecker                    http://www.enst.fr/~hecker
Groupe Acce`s et Mobilite'  /  Computer Science and Networks
E N S T  Paris ___________________________________________


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to