I am trying to get machine authentication working using freeradius and a Windows XP SP1 client. I originally tried to make this work with freeradius 0.9.3, but then moved to 1.0.0pre3 in hopes of making it work.
Here is what I see when I sniff the traffic between the client and the AP using ethereal.

    Client                     AP
    ------                     ----
    EAPOL Start          --->
                         <---  Request, Identity
    Response, Identity   --->
                         <---  Request, EAP-TLS

And that is it. The client never responds to the Request, EAP-TLS. Below are the contents of that last packet from the AP to the client:

    802.1x Authentication
        Version: 1
        Type: EAP Packet (0)
        Length: 6
        Extensible Authentication Protocol
            Code: Request (1)
            Id: 17
            Length: 6
            Type: EAP-TLS [RFC2716] [Adoba] (13)
            Flags (0x20): Start

On the server side I see the following:

    rad_recv: Access-Request packet from host 147.138.120.170:6001, id=73, length=173
            User-Name = "host/testwire.bridgewater.edu"
            NAS-IP-Address = 147.138.120.170
            Called-Station-Id = "00-20-a6-52-b4-6c"
            Calling-Station-Id = "00-90-4b-7d-d5-47"
            NAS-Identifier = "WritingWAP"
            Framed-MTU = 1400
            NAS-Port-Type = Wireless-802.11
            EAP-Message = 0x0212002201686f73742f74657374776972652e62726964676577617465722e656475
            Message-Authenticator = 0x3a892a05d25aa847b9be3c33cd9a7b4a
    Invalid operator for item Prefix: reverting to '=='
    Sending Access-Challenge of id 73 to 147.138.120.170:6001
            Framed-IP-Address = 255.255.255.254
            Framed-MTU = 576
            Service-Type = Framed-User
            EAP-Message = 0x011300060d20
            Message-Authenticator = 0x00000000000000000000000000000000
            State = 0xc3ff0ce5bfdff596d099ec32ec73aece

I am not sure why the XP client never responds to the Request, EAP-TLS packet. On the XP client I have it set to do machine authentication. In the registry I set the AuthMode value to 2 and SupplicantMode to 3. Before I set AuthMode I received errors about not being able to find a certificate to use. Setting SupplicantMode to 3 did not change the behavior. I have a certificate with a CN of testwire.bridgewater.edu in the personal store of the local computer account.

I just don't understand what is happening and any help would be greatly appreciated.
----------------------------------------------------------------------------
Joe Meslovich
[EMAIL PROTECTED]
Associate Network/Systems Engineer
IT Center
Tel: (540) 828 - 5343