> I am trying to get machine authentication working using freeradius and a
> Windows XP SP1 client. I originally tried to make this work with
> freeradius 0.9.3, but then moved to 1.0.0pre3 in hopes of making it work.
>
> Here is what I see when I sniff the traffic between the client and the AP
> using ethereal.
>
> Client                          AP
> ------                          ----
> EAPOL Start         --->
>
>                     <---        Request, Identity
>
> Response, Identity  --->
>
>                     <---        Request, EAP-TLS
>
>
> And that is it. The client never responds to the Request, EAP-TLS. Below
> is the contents of that last packet from the AP to the client:
>
> 802.1x Authentication
>     Version: 1
>     Type: EAP Packet (0)
>     Length: 6
>     Extensible Authentication Protocol
>         Code: Request (1)
>         Id: 17
>         Length: 6
>         Type: EAP-TLS [RFC2716] [Adoba] (13)
>         Flags (0x20): Start
>
> On the server side I see the following
>
> rad_recv: Access-Request packet from host 147.138.120.170:6001, id=73,
> length=173
>         User-Name = "host/testwire.bridgewater.edu"
>         NAS-IP-Address = 147.138.120.170
>         Called-Station-Id = "00-20-a6-52-b4-6c"
>         Calling-Station-Id = "00-90-4b-7d-d5-47"
>         NAS-Identifier = "WritingWAP"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message =
> 0x0212002201686f73742f74657374776972652e62726964676577617465722e656475
>         Message-Authenticator = 0x3a892a05d25aa847b9be3c33cd9a7b4a
> Invalid operator for item Prefix: reverting to '=='
> Sending Access-Challenge of id 73 to 147.138.120.170:6001
>         Framed-IP-Address = 255.255.255.254
>         Framed-MTU = 576
>         Service-Type = Framed-User
>         EAP-Message = 0x011300060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0xc3ff0ce5bfdff596d099ec32ec73aece
>
>
> I am not sure why the XP client never responds to the Request, EAP-TLS
> packet. On the XP client I have it set to do machine authentication. In
> the registry I set the AuthMode value to 2 and SupplicantMode to 3. Before
> I set AuthMode I received errors about not being able to find a
> certificate to use. Setting SupplicantMode to 3 did not change the
> behavior. I have a certificate with a CN of testwire.bridgewater.edu in
> the personal store of the local computer account.

I'm using the same configuration as you. I've followed this HOWTO for
certificate generation and Win XP certificate installation. It works fine.
Maybe it will help you.

http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

Fred.EVRARD

> I just don't understand what is happening and any help would be greatly
> appreciated.
>
>
> ----------------------------------------------------------------------------
> Joe Meslovich                            [EMAIL PROTECTED]
> Associate Network/Systems Engineer       IT Center
> Tel: (540) 828 - 5343
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
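
Added example, not part of the original messages: a small Python decoder for the two EAP-Message values shown in the quoted server output, useful for checking what the server actually sent against the sniffer's decode. The function and table names are illustrative, and it assumes the whole EAP packet fits in a single EAP-Message attribute.

```python
import struct

# Name tables and function name are illustrative choices for this added example.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS"}
TLS_FLAGS = ((0x80, "Length"), (0x40, "More"), (0x20, "Start"))


def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in the server debug output."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP Length field does not match the data")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    body = raw[4:length]
    if code not in (1, 2):          # Success/Failure carry no Type field
        return pkt
    if not body:
        raise ValueError("Request/Response without a Type byte")
    etype, data = body[0], body[1:]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:                  # Identity: the rest is the name
        pkt["identity"] = data.decode("utf-8", "replace")
    elif etype == 13:               # EAP-TLS: flags, optional length, TLS data
        if not data:
            raise ValueError("EAP-TLS packet without a flags byte")
        flags, offset = data[0], 1
        pkt["flags"] = [name for bit, name in TLS_FLAGS if flags & bit]
        if flags & 0x80:            # L bit: 4-byte total TLS message length
            if len(data) < 5:
                raise ValueError("L flag set but length field truncated")
            pkt["tls_message_length"] = struct.unpack("!I", data[1:5])[0]
            offset = 5
        pkt["tls_data_bytes"] = len(data) - offset
    return pkt


if __name__ == "__main__":
    # Both values are copied from the debug output quoted in the thread.
    for value in ("0x0212002201686f73742f74657374776972652e"
                  "62726964676577617465722e656475", "0x011300060d20"):
        print(parse_eap(value))
```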