SecureW2 (List) wrote:
As I thought, I have been having trouble on the wired side when an MPPE key
is being sent by the server.
It looks like this "confuses" the Vista client as when you are using wired
you usually don't need the MPPE key.

Try disabling the MPPE key configuration in the FreeRADIUS config so it is
not sent. I don't know how to do this though... ;)

No. Vista works fine with (PEAP/TTLS) & MSCHAPv2 + MPPE keys with 802.1x on wired interfaces. The ~1000 or so Vista users on the 802.1x authenticated portion of our wired network would agree (most using Vista native supplicant). I've not seen any issues with XP SP3 either, on wired or wireless.

This is using FR 2.04 (Alan decided to 'fix' the proxying behaviour for 2.05 and I've not had a chance to 'adjust' our configuration files yet).

We're using certificates signed by 'Thawte Premium Server CA', and performing CA and certificate CN validation... all just works... with the exception of the odd Vista box that *refuses* to do user authentication and tries to perform machine authentication, ugh. For those we use SecureW2, which also generally works fine with a *near* default configuration.

BTW from those traces your NAS looks broken if it's sending EAP Ident requests after authentication has succeeded.

Arran
Tom

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On behalf of Lech Karol Pawlaszek
Sent: Thursday 24 July 2008 13:23
To: FreeRadius users mailing list
Subject: Re: PEAP or TTLS and Microsoft Vista.

SecureW2 (List) wrote:
http://msdn.microsoft.com/en-us/library/aa813696(VS.85).aspx
Nice article. However I don't understand a few things. What's "pdb
<pdbpath>"? I'm not good at Windows.

To enable logging do the following:

- Netsh wlan set tra yes
- netsh ras set tr * en
- Reproduce your problem
- netsh ras set tr * dis
- Netsh wlan set tra no
Well. I have problems with _wired_ connection so I've used "netsh lan"
instead of "netsh wlan". I hope it's the right thing.

If you go to the %windir%\tracing\wireless\ directory you will see a load of
.etl files in different directories.
:-) yea. Which one is... hm... important? onex or eaphost?

Use the tracerpt *.* command to change the .etl to readable .txt files.
I'm attaching onex.txt and eaphost.txt. I'm not exactly sure what I
should search for. Any hints?

PS. I don't like plugging like this but we are almost finished with the
latest SecureW2 EAPSuite which supports EAP-TTLS/EAP-PEAPv0/v1 and EAP-GTC
and has been tested quite extensively with Vista SP0/SP1.
Awesome. I hope it'll work with my Vista's...

Kind regards,

--
Lech Karol Pawłaszek <ike>
"You will never see me fall from grace" [KoRn]



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Arran Cudbard-Bell ([EMAIL PROTECTED]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
