So i really wonder where is the problem !!! maybe it is due to the hardware i use...
my switch is wireless controller -all AP rceive their config (RF, SSID, channels, Power Radio, security styuffs, etc..) from the switch. so when RADIUS authentication is set-up, every AP have to be authenticated by Freeradius before receiving the correct parameters by FR, using its @MAC as login and the word NOPASSWORD as password (that the theoroy said. cause i had to set Auth-Type := Accept to make it work). at this stage, authenticator is the wireless switch. it works with or without 802.1x ON. it work fine, and the AP are well manged by a centralpoint. no RADIUS problem with AP authetication. - step2: when an AP is recognized, end-users have to be autneticated too by RADIUS. this step, like the documentation says, the managed AP becomes "Authenticator". -so an entry exist for every AP in clients.conf too) during the connection attempts, Radius receive acess request, and the correct certificate is chosen -he give me the correcte commonnameof certificate- but i think the supplicant (end-user on xp) never receive the access-challenge, even if it is sent by RADIUS Server. i don't know if i am well understood or if I "do" misundertood something but it works like that at me now. i installed, reinstalled and formated so much time that i am convincedthat i won't success alone. Hey Ivan, won't you try to help me to fix this stone? i have definitely nodelay anymore, and no solution too. Freeradius is your own and i ma pretty sure that we could both fix the problem between a quarter or a half if you take fulll remote control of my computer and network, assisting you and telling my purpose. thanx for help. ----- Message d'origine ---- De : Ivan Kalik <[EMAIL PROTECTED]> À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Lundi, 19 Mai 2008, 0h37mn 23s Objet : RE: Re : Re : Re : howto EAP-TLS on freeradius 2.0.2-3 ?? >Ok, we assume my certificates are corrects. > >So i have some more questions: > > >- Certificate should be import for user accounts or for computer account ? Who/what ever is you supplicant trying to authenticate. If the supplicant can't find the correct certificate it will give up. > >- i use the file "users" as database for my accounts; when using eap-tls >when trying eap-peap my accounts looks like that: > >>> johndoe Auth-Type: = EAP, User-Password == �test1234" >>> Tunnel-Type = 13, >>> Tunnel-Medium-Type = 6, > >or >>> johndoe User-Password == �test1234" >>> Tunnel-Type = 13, >>> Tunnel-Medium-Type = 6, No, don't use Auth-Type. Use Cleartext-Password or NT-Password (names clearly suugest are they encrypted and how) with mschap. > > >- when i use eap-tls, it looks like that: > >>> johndoe >>> Tunnel-Type = 13, >>> Tunnel-Medium-Type = 6, >----- > >and sometimes, i add add the assignment of Vlan by using the attribute ' Tunnel-Private-Group-ID = 100" -vlan 100 is affected to the ssid i am interested in- > >is it correct? It will work, but it's more common to use "human" values (VLAN and IEEE-802). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ Do You Yahoo!? En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités http://mail.yahoo.fr Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html