I still can't solve this problem.
To all people who have successfully configured EAP/TLS and FreeRadius, how did you generate the cert? Through a certificate authority in Windows? Or openssl in Linux?
Is it necessary for the Windows XP supplicant to be able to contact the domain of the cert?
 
I tried with D-Link-650+ wireless card and eapol.log shows:
 
[3092] 12:43:31:912: ProcessReceivedPacket: != EAP_Packet
[3092] 12:43:31:912: ProcessReceivedPacket: == EAPOL_Key
[3092] 12:43:31:912: FSMKeyReceive entered for port D-Link AirPlus DWL-650+ Wireless Cardbus Adapter - Packet Scheduler Miniport
[3092] 12:43:31:912: ElKeyReceiveRC4 entered for port D-Link AirPlus DWL-650+ Wireless Cardbus Adapter - Packet Scheduler Miniport
[3092] 12:43:31:912: KeyLength = 13,
 KeyIndex = 131
[3092] 12:43:31:912: ElKeyReceiveRC4: Signature in Key Desc does not match
[3092] 12:43:31:912: ElKeyReceiveRC4 completed for port D-Link AirPlus DWL-650+ Wireless Cardbus Adapter - Packet Scheduler Miniport
[3092] 12:43:31:912: FSMKeyReceive completed for port D-Link AirPlus DWL-650+ Wireless Cardbus Adapter - Packet Scheduler Miniport
[3092] 12:43:31:912: ProcessReceivedPacket: STATE_AUTHENTICATED
[3092] 12:43:31:912: ProcessReceivedPacket: Reposting buffer on port {CCB07A09-4681-4980-A6E7-6AEE66016B3B}
[3092] 12:43:31:912: ElReadFromPort entered
[3092] 12:43:31:912: ElReadFromPort: pPCB = 03247188, RefCnt = 3
[3092] 12:43:31:912: ProcessReceivedPacket: pPCB= 03247188, RefCnt = 3
[3092] 12:43:31:912: ProcessReceivedPacket exit
[3092] 12:43:36:929: ElTimeoutCallbackRoutine entered
[3092] 12:43:36:929: EAPOL-Key for transmit key *NOT* received within 5 seconds in AUTHENTICATED state
[3092] 12:43:36:929: EAPOL Failure: Fail Count = 2
[3092] 12:43:36:929: ElVerifyEAPOLKeyReceived: Calling ElZeroConfigNotify: failcount=2, prevauthtype=1, type=(2)
[3092] 12:43:36:929: ElVerifyEAPOLKeyReceived: RpcCmdInterface[12] SUCCEEDed
[3092] 12:43:36:929: ElZeroConfigNotify: Handle=(13), failcount=(2), lastauthtype=(1)
I feel that the following lines (taken from the above log) indicate that something's not right... but I'm not sure what they mean. Maybe somebody can help me?
 
[3092] 12:43:31:912: ElKeyReceiveRC4: Signature in Key Desc does not match
[3092] 12:43:36:929: EAPOL-Key for transmit key *NOT* received within 5 seconds in AUTHENTICATED state
Thanks,
lara
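
What the "Signature in Key Desc does not match" line checks, as an added example that is not part of the original post or of the Windows supplicant's code: the access point signs each RC4 EAPOL-Key frame with HMAC-MD5, and the supplicant recomputes that HMAC with its own copy of the key. The sketch assumes the IEEE 802.1X-2001 RC4 key descriptor layout and that the signing key is the 32-byte value the access point receives as MS-MPPE-Send-Key; all key material below is constructed.

```python
import hashlib
import hmac
import struct

# EAPOL header (4) + descriptor type (1) + key length (2) + replay counter (8)
# + key IV (16) + key index (1) = offset of the 16-byte signature field.
SIG_OFFSET = 4 + 1 + 2 + 8 + 16 + 1
SIG_LEN = 16

def build_eapol_key(sign_key, key_len, key_index, replay, key_iv, key_data=b""):
    """Authenticator side: build an RC4 EAPOL-Key frame and sign it."""
    body = (struct.pack("!BHQ", 1, key_len, replay) + key_iv
            + bytes([key_index]) + bytes(SIG_LEN) + key_data)
    frame = struct.pack("!BBH", 1, 3, len(body)) + body  # version 1, type 3 = EAPOL-Key
    sig = hmac.new(sign_key, frame, hashlib.md5).digest()  # signature field is zero here
    return frame[:SIG_OFFSET] + sig + frame[SIG_OFFSET + SIG_LEN:]

def verify_eapol_key(sign_key, frame):
    """Supplicant side: parse the descriptor and recompute the signature."""
    if len(frame) < SIG_OFFSET + SIG_LEN or frame[1] != 3 or frame[4] != 1:
        raise ValueError("not an RC4 EAPOL-Key frame")
    (key_len,) = struct.unpack("!H", frame[5:7])
    key_index = frame[SIG_OFFSET - 1]
    received = frame[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    # The HMAC covers the whole frame with the signature field zeroed.
    zeroed = frame[:SIG_OFFSET] + bytes(SIG_LEN) + frame[SIG_OFFSET + SIG_LEN:]
    expected = hmac.new(sign_key, zeroed, hashlib.md5).digest()
    return {
        "key_len": key_len,                  # 13 bytes = 104-bit WEP key
        "unicast": bool(key_index & 0x80),   # top bit marks a unicast (transmit) key
        "index": key_index & 0x7F,
        "signature_ok": hmac.compare_digest(received, expected),
    }

def demo():
    """Same frame checked with a matching and a non-matching key (constructed)."""
    ap_key = bytes(range(32))         # key the access point signs with
    other_key = bytes(range(1, 33))   # supplicant holding different key material
    frame = build_eapol_key(ap_key, key_len=13, key_index=131, replay=1,
                            key_iv=bytes(16))
    return verify_eapol_key(ap_key, frame), verify_eapol_key(other_key, frame)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With KeyLength = 13 and KeyIndex = 131 as in the log, the frame parses as a unicast key at index 3, and the signature only verifies when both ends hold the same 32-byte key.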
 
Lara Adianto <[EMAIL PROTECTED]> wrote:
>
> The log file of freeradius shows that the authentication is
> successful, with access-accept being sent. I use tcpdump to confirm
> that access-accept is indeed sent and received by the
> access-point. However, after about 1 minute, the client will resend
> an access-request. And this keeps repeating...

  Ok...

> The only error log I can suspect from event viewer is this:
...
> Automatic certificate enrollment for local system failed to contact the
> active directory (0x8007054b).  The specified domain either does not exist
> or could not be contacted.
>   Enrollment will not be performed.
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.

  That looks like the problem to me.  Fix that, and the machine should
stay on the network.

  And no, there's nothing you can do to FreeRADIUS to fix that problem.

  Alan DeKok.

Lara Adianto <[EMAIL PROTECTED]> wrote:
Hi list,
 
I have a strange problem with EAP/TLS authentication.
 
I have done the setup with the guide from Ken Roser's howto provided on the FreeRADIUS site:
- The client is XP, wireless card: Linksys WPC54G
- The FreeRADIUS server is installed on Linux
- The access point is a Linksys WRT54G
- The certificates (with enhanced key usage for server and client authentication) for server and client are generated using openssl installed on the FreeRADIUS server
 
The log file of freeradius shows that the authentication is successful, with access-accept being sent. I use tcpdump to confirm that access-accept is indeed sent and received by the access-point. However, after about 1 minute, the client will resend an access-request. And this keeps repeating...and the client seems to fail the authentication though the radius server keeps sending access-accept:
 
....
Sending Access-Accept of id 23 to 192.168.168.60:1232
MS-MPPE-Recv-Key = 0xeb0e81327b50c60eb6bd54a9a02da65bcc87136bfdf0d0708f9be01db4078473
MS-MPPE-Send-Key = 0xb01787160d97e7cf0ac614e56479ee7870a6068f142a2279b71e5d3894225f72
EAP-Message = 0x03150004
Message-Authenticator = 0x00000000000000000000000000000000
 
No session-timeout attribute is sent though, like in Ken Roser's log file. Could this be a problem?
 
The eapol.log shows : [1648] 15:45:13:583: ElWriteCompletionRoutine sent out 0 bytes with error -1073741823, but I'm not quite sure what it means.
 
The only error log I can suspect from event viewer is this:
 
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date:  17-Nov-04
Time:  7:50:04 PM
User:  N/A
Computer: LAR4S
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Can anyone help me? Please? I really need to solve this ASAP...
 
Thank you,
Lara
 
eapol.log:

[2952] 15:45:09:848: ElMediaEventsHandler entered -- EventType=<6>
[2952] 15:45:09:868: ElMediaEventsHandler: Calling ElMediaSenseCallback
[2952] 15:45:09:868: ElMediaSenseCallback: Entered
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: For interface (Wireless-G Notebook Adapter with SpeedBooster), GUID ({CCB5C4C2-79EB-4414-A58B-6382051C13F6}), length of block = 90
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: Callback for sense disconnect
[2952] 15:45:09:868: FSMDisconnected entered for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[2952] 15:45:09:868: Setting state DISCONNECTED for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[2952] 15:45:09:868: FSMDisconnected completed for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: Port marked disconnected Wireless-G Notebook Adapter with SpeedBooster
[2952] 15:45:09:868: ElMediaSenseCallbackWorker: processed, RetCode = 0
[1648] 15:45:13:583: ElMediaEventsHandler entered -- EventType=<7>
[1648] 15:45:13:583: ElMediaEventsHandler: Calling ElZeroConfigEvent
[1648] 15:45:13:583: ElGetInterfaceParams:  SsidLength=<7>, Found EapTypeId=<13>, SSIDLen=<7>
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: DeviceDesc = , GUID = {CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElNdisuioEnumerateInterfaces: Opening handle
[1648] 15:45:13:583: NdisuioEnumerateInterfaces: NDISUIO bound to: (0) \DEVICE\{1A918A7C-F63C-4EF3-B6AD-12C1DFC6A4A1}
     - Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
[1648] 15:45:13:583: NdisuioEnumerateInterfaces: NDISUIO bound to: (1) \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
     - Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElNdisuioEnumerateInterfaces: DeviceIoControl IOCTL_NDISUIO_QUERY_BINDING has no more entries
[1648] 15:45:13:583: Device: \DEVICE\{1A918A7C-F63C-4EF3-B6AD-12C1DFC6A4A1}
[1648] 15:45:13:583: Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
[1648] 15:45:13:583: Device: \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: Description: Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Found interface after enumeration \DEVICE\{CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Found PCB already existing for interface
[1648] 15:45:13:583: ElCreatePort: Entered for Handle=(00000D8C), GUID=({CCB5C4C2-79EB-4414-A58B-6382051C13F6}), Name=(Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport), ZCId=(1150), UserData=(033B961C) Notification=<4>
[1648] 15:45:13:583: ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (\Device\{CCB5C4C2-79EB-4414-A58B-6382051C13F6})
[1648] 15:45:13:583: ElCreatePort: PCB found for {CCB5C4C2-79EB-4414-A58B-6382051C13F6}
[1648] 15:45:13:583: ElReStartPort: Entered: pPCB=<000DBD10>, pZCConnectInfo=<009DFED0>, Refcnt=<3>, EapFlags=<c0000000>, Notification=<4>
[1648] 15:45:13:583: ElReStartPort: prdUserData not valid
[1648] 15:45:13:583: ElReStartPort: pPCB=<000DBD10>, AuthenticationMode=<0>, EncyptionStatus=<0>, usKeyDescription=<1>
[1648] 15:45:13:583: ElGetInterfaceNdisStatistics: pwszDeviceInterfaceName = (\Device\{CCB5C4C2-79EB-4414-A58B-6382051C13F6})
[1648] 15:45:13:583: ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_INFRASTRUCTURE_MODE successful, Mode = (1)
[1648] 15:45:13:583: ElReStartPort: ElNdisuioQueryOIDValue for OID_802_11_BSSID successful
[1648] 15:45:13:583: 00 12 17 19 23 2C 00 00 00 00 00 00 00 00 00 00 |....#,..........|
[1648] 15:45:13:583: ElReStartPort: Port Network Identifier:
[1648] 15:45:13:583: 6C 69 6E 6B 73 79 73 00 00 00 00 00 00 00 00 00 |linksys.........|
[1648] 15:45:13:583: ElGetInterfaceParams:  SsidLength=<7>, Found EapTypeId=<13>, SSIDLen=<7>
[1648] 15:45:13:583: ElReadPerPortRegistryParams: Setting dwEapFlags=<c0000000>
[1648] 15:45:13:583: ElGetCustomAuthData: SSIDLen=<7>, EapTypeId=<13>, Offset=<52/146>, dwAuthData=<82>
[1648] 15:45:13:583: ElGetCustomAuthData: SSIDLen=<7>, EapTypeId=<13>, Offset=<52/146>, dwAuthData=<82>
[1648] 15:45:13:583: ElReadPerPortRegistryParams: dwTotalMaxAuthFailCount = (3)
[1648] 15:45:13:583: FSMConnecting entered for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: TIMER: Restart PCB                  Time: 60
[1648] 15:45:13:583: ElWriteToPort entered: Pkt Length = 7
[1648] 15:45:13:583: ElWriteToPort: pPCB = 000DBD10, RefCnt = 4
[1648] 15:45:13:583: ElWriteToInterface entered
[1648] 15:45:13:583: ElWriteToInterface completed, RetCode = 0
[1648] 15:45:13:583: Setting state CONNECTING for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: FSMConnecting completed for port Wireless-G Notebook Adapter with SpeedBooster - Packet Scheduler Miniport
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: CreatePort successful
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: PCB already existed, skipping Interface hash table addition
[1648] 15:45:13:583: ElEnumAndOpenInterfaces: Completed with retcode = 0
[1648] 15:45:13:583: ElIoCompletionRoutine called, 0 bytes xferred
[1648] 15:45:13:583: ElWriteCompletionRoutine sent out 0 bytes with error -1073741823
[1648] 15:45:13:583: ElWriteCompletionRoutine: pPCB= 000DBD10, RefCnt = 3


------------------------------------------------------------------------------------
Life, you see, is never as good or as bad as one thinks
- Guy de Maupassant -
------------------------------------------------------------------------------------

