I have updated my test radius server to 1.0.0pre3, in order to test this.
What I see when I run radius in debugging mode is a series of
authentication requests followed by challenge responses and then nothing.
I don't know if the laptop is not receiving and understanding the
challenge or if the challenge isn't making it from the AP to the laptop.
Joe Meslovich
On Fri, 16 Jul 2004, Craig Huckabee wrote:
>
> Joe,
>
> I used the 'users' file and a regex to strip that out - it works with
> 1.0.0-pre3:
>
> DEFAULT EAP-Message =* ANY,User-Name =~ "^([^/]+)/(.*)$",Autz-Type :=
> PKI-HOST
> FixedHost = `%{2}`,
> Fall-Through = no
>
> This works for us, hope it helps you.
>
> --Craig
>
>
> Joe Meslovich wrote:
>
> > Yeah I have just stumbled on that registry key. Thanks for the help though
> > I am now getting requests at the radius server that have "host/computername"
> > as the username. I am looking through the documentation for trying to make
> > that work. And just so everyone knows I am using freeradius 0.9.3. Some of
> > the examples of saw of stripping out the "host/" part looked like they were
> > for older versions of freeradius.
> >
> >
> > Joe Meslovich.
> >
> >
> >
> > On Fri, 16 Jul 2004, Michael Griego wrote:
> >
> >
> >>Normal operation for that type of environment is to have a machine cert
> >>so that the machine can authenticate to the network before a users logs
> >>on to the machine itself, then to have a user cert for each user on the
> >>machine so that once the user logs in, the authentication switches to
> >>that user.
> >>
> >>Now, that being said, I believe I remember reading that there is a
> >>registry key you can change that will force the machine to *only* auth
> >>as the machine. I don't know which key it is off the top of my head,
> >>but it would reside under the
> >>HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL branch of the registry. You
> >>can probably do some quick web searching and find it. You have to set
> >>this in the registry though, there is no corresponding GUI setting. As
> >>for the "Authenticate as computer..." setting in the Authentication tab,
> >>that only controls the "before the user logs in" authentication to the
> >>network.
> >>
> >>--Mike
> >>
> >>
> >>On Fri, 2004-07-16 at 06:57, Joe Meslovich wrote:
> >>
> >>>First off I would like to apologize if this is a frequently asked
> >>>question, but I am new to the list.
> >>>
> >>>What I would like to do is authenticate a laptop running Windows XP using
> >>>a machine certificate versus a user certificate. So far I have created a
> >>>certificate on the freeradius server and made sure that the name in the CN
> >>>field is the name of the system. I placed that certificate and the
> >>>root.der in the local computer certificate store of the laptop.
> >>>
> >>>From the freeradius side of things I never see a request to authenticate.
> >>>The laptop brings up the wireless interface and in the task bar it pops up
> >>>a warning stating that it cannot find a certificate with which to
> >>>authenticate the system. What do I need to do to make it see that computer
> >>>certificate. In the wireless configuration settings I have the thing to
> >>>"Authenticate as computer when computer information is available".
> >>>
> >>>Do I need to move that certificate to a different place or do I need to do
> >>>something to tell the system to look in the local computer store for it.
> >>>
> >>>Joe Meslovich
> >>>
> >>>----------------------------------------------------------------------------
> >>>Joe Meslovich [EMAIL PROTECTED]
> >>>Associate Network/Systems Engineer IT Center
> >>>Tel: (540) 828 - 5343
> >>>
> >>>
> >>>-
> >>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >>
> >>-
> >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >
> >
> > ----------------------------------------------------------------------------
> > Joe Meslovich [EMAIL PROTECTED]
> > Associate Network/Systems Engineer IT Center
> > Tel: (540) 828 - 5343
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> --
> / Craig Huckabee | e-mail: [EMAIL PROTECTED] /
> / Code 715-CH | phone: (843) 218 5653 /
> / SPAWAR Systems Center | close proximity: "Hey You!" /
> / Charleston, SC | ICBM: 32.78N, 79.93W /
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
----------------------------------------------------------------------------
Joe Meslovich [EMAIL PROTECTED]
Associate Network/Systems Engineer IT Center
Tel: (540) 828 - 5343
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
