Hi Tim, I believe that MS made changes to the format of the EAP packets in XP SP2! This breaks PEAP with a number of (but apparently not all) non-MS RADIUS servers. They have a Hotfix for this. Checkout KB 885453.
I'm not *sure* that this is your problem. However, it *may* be relevant. Note that the reference to EAP/TLS in FreeRADIUS may be a slight misdirection. EAP/TLS code is referenced by several of the EAP modules. Specifically, both EAP/TTLS and PEAP use a one-way TLS outer tunnel to protect the inner authentication process. Hence, a reference to EAP/TLS is entirely consistent with using PEAP (remember, you had to configure the tls module to get peap working). Regards, Guy > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Tim Winders > Sent: 13 December 2004 13:08 > To: [EMAIL PROTECTED] > Subject: Re: rlm_eap_tls not built because OpenSSL not found > > > On Sun, 12 Dec 2004, Alan DeKok wrote: > > > Tim Winders <[EMAIL PROTECTED]> wrote: > >> Unfortuantely, I can't seem to get PEAP working. The server is > >> complaining about a client certificate, like I was using EAP/TLS > >> rather than EAP/PEAP. > > > > Can you post the error message? It might help.... > > I suppose that would help. :-) > > Mon Dec 13 07:02:02 2004 : Info: rlm_eap_tls: Length Included > Mon Dec 13 07:02:02 2004 : Error: TLS_accept:error in > SSLv3 read client certificate A > Mon Dec 13 07:02:02 2004 : Info: rlm_eap_tls: Received > EAP-TLS ACK message > > I am trying to connect to a Cisco AP1200 from a Windows XP > SP2 client. > The client has Network Authentication Open, Data Encryption > WEP, EAP Type > Protected EAP (PEAP), Authentication Method: Secured password > (EAP-MSCHAP v2). > > -- > > Tim Winders > Associate Dean of Information Technology > South Plains College > Levelland, TX 79336 > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
