Thanks Guy. You are right. We installed the server's (and root's) certificate in the client and now, at least, he sees the PRIVATE VLAN, but can't connect into that VLAN. It seems that the problems are related to the certificates. We are working on it and we'll see.....

        Regards.

At 17:22 02/02/05 +0000, you wrote:
Hi Francisco,

Are you authenticating the RADIUS server or just ignoring the validity (or otherwise) of the certificate it sends? If you are trying to authenticate the RADIUS server and it's either sending an invalid (or self-signed) certificate or the root certificate authority that signed the RADIUS server's certificate is not known to the client, then the client will not recognise the server and will not send any credentials.

Rgds,

Guy

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Francisco Sampalo
> Sent: 02 February 2005 17:04
> To: freeradius-users@lists.freeradius.org
> Subject: Troubles with EAP-TTLS
>
>
>       Hi, this is our first message to the list. We are trying
> to deploy a Wireless
> LAN based on 802.1X EAP-TTLS.
>
>       We have built an authentication infrastructure
> with the following
> components:
>       - A Radius server (Linux SuSe 9.0 + FreeRadius CVS
> version from March'2004).
>       - Access Point Aironet 1100 (Cisco).
>       - SecureW2 EAP-TTLS supplicant (on the client side,
> over Windows XP).
>
>       We have created two VLANS for wireless access: the
> GUESTs VLAN and the
> PRIVATE VLAN (with authentication required for our users). We
> are having
> some troubles with some laptops (not all) working with
> XP-SP2, because they
> only "can see" the GUEST VLAN, but "can't see" the PRIVATE
> VLAN. We sniffed
> the traffic between the client and the AP and we saw the following:
>       - First, the user tries to get in the PRIVATE VLAN.
>       - Then the AP answers him, trying to establish the
> connection and ask him
> for the authentication information (user and password).
>       - But at this point it seems like the client can't
> understand the request
> and sends back null packets; so the AP doesn't validate the
> connection and
> the user is sent to the GUEST VLAN.
>
>       We are in a mess, because we don't know if this problem
> is due to the
> Wireless NIC of the client (hardware), the drivers, or even
> caused by the
> operating system.
>
>       May anybody help us? Thanks to all.
>
>
> *************************************
> Francisco J. Sampalo Lainz
> ([EMAIL PROTECTED])
> Jefe del Servicio de Informática
> Universidad Politécnica de Cartagena
> Tlf: 968-325717 / 5730
> *************************************
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


                                                Paco Sampalo Lainz
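
The server-certificate check discussed in this thread can be reproduced offline with the `openssl` command line. The following is an added example, not part of the original messages and not FreeRADIUS or SecureW2 code; it assumes `openssl` is installed, and the CA name, host name and file names are constructed for the lab.

```shell
#!/bin/sh
# Build a throwaway lab PKI in directory $1 (all names are constructed):
#   ca.pem   - root CA the supplicant is meant to trust
#   srv.pem  - RADIUS server certificate issued by that root
#   self.pem - self-signed server certificate (the failure case)
make_lab_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Lab Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=radius.lab.example" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=radius.lab.example" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# check_server_cert TRUSTED_ROOTS SERVER_CERT
# Prints "trusted" if SERVER_CERT chains to a root in TRUSTED_ROOTS,
# otherwise "rejected". A supplicant that validates the server stops
# before sending credentials in the "rejected" case.
check_server_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

# Demo run over the constructed certificates.
d=$(mktemp -d) && make_lab_pki "$d" && {
    echo "root installed, CA-issued cert:  $(check_server_cert "$d/ca.pem" "$d/srv.pem")"
    echo "root installed, self-signed cert: $(check_server_cert "$d/ca.pem" "$d/self.pem")"
    echo "root unknown to client:           $(check_server_cert "$d/self.pem" "$d/srv.pem")"
}
rm -rf "$d"
```

Running the same `openssl verify` against the real server certificate and the root exported from the client shows which of the two conditions applies before any supplicant settings are changed.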

