Nedialko Dimitrov wrote:
Dear all,
I'm trying to configure WindowsXP <-- wireless-> Cisco AP1100 <--> FreeRadius with MD5 authentication following http://lists.cistron.nl/pipermail/freeradius-users/2002-August/009532.html
ok, that's quite old but it still would be good if WinXP didn't change. if you have SP1, there is no EAP/MD5 anymore. (by the way, there is an updated version of this doc at the FR site under doc).
My WindowsXP client settings are : Connection properties -> Authentication : Enable IEEE 802.1x ... EAP type PEAP (the other option is Smart Card or Cetificate) Properties -> Select Auth. Method: EAP-MSCHAP-v2 (the othe options is Smart Card or Cetificate)
you thus use PEAP/MS-CHAP and not MD5. the version of FR you use is 0.9.3. as far as i know, it does not support PEAP. so, it can't work.
if you want PEAP, grab the latest snapshot. if you want TLS, you can go with what you have but you'll need the certificates and stuff.
modcall[authorize]: module "eap" returns updated for request 6 users: Matched user3 at 92 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type Local auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 6 for 1 seconds Finished request 6 Going to the next request Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 82 with timestamp 403d3097 Sending Access-Reject of id 83 to 192.168.4.5:21645
My users file record is just:
user3 Auth-Type := Local, User-Password == "cisco"
make away the Auth-Type. you don't need it, if you have the right module in the authorize {} section.
for peap, put ms-chap in the authorize {} list and eap in the authenticate. just provide the password.
ciao artur
-- __________________________________________________________ Artur Hecker http://www.enst.fr/~hecker Groupe Acce`s et Mobilite' / Computer Science and Networks E N S T Paris ___________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html