> -----Original message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> On behalf of Arran Cudbard-Bell
> Sent: Thursday 24 July 2008 15:59
> To: FreeRadius users mailing list
> Subject: Re: PEAP or TTLS and Microsoft Vista.
>
> SecureW2 (List) wrote:
> > As I thought, I have been having trouble on the wired side when a MPPE key
> > is being sent by the server.
> >
> > It looks like this "confuses" the Vista client as when you are using wired
> > you usually don't need the MPPE key.
> >
> > Try disabling the MPPE key configuration in the Freeradius config so it is
> > not sent, I don't know how to do this though... ;)
> >
>
> No. Vista works fine with (PEAP/TTLS) & MSCHAPv2 + MPPE keys with 802.1x
> on wired interfaces. The ~1000 or so Vista users on the 802.1x
> authenticated portion of our wired network would agree (most using Vista
> native supplicant). I've not seen any issues with XP SP3 either, on
> wired or wireless.
>

Ah ok. As it turns out it is the NAS.

> This is using FR 2.04 (Alan decided to 'fix' the proxying behaviour for
> 2.05 and I've not had a chance to 'adjust' our configuration files yet).
>
> We're using certificates signed by 'Thawte Premium Server CA', and
> performing CA and certificate CN validation... all just works... with
> the exception of the odd Vista box that *refuses* to do user
> authentication and tries to perform machine authentication, ugh. For
> those we use SecureW2, which also generally works fine with a *near*
> default configuration.
>

I have not tested SW2 on wired yet due to lack of hardware so it is good to hear it works... :)

> BTW from those traces your NAS looks broken if it's sending EAP Ident
> requests after authentication has succeeded.
>
> Arran
> > Tom
> >
> >> -----Original message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:freeradius-users-[EMAIL PROTECTED]
> >> On behalf of Lech Karol Pawlaszek
> >> Sent: Thursday 24 July 2008 13:23
> >> To: FreeRadius users mailing list
> >> Subject: Re: PEAP or TTLS and Microsoft Vista.
> >>
> >> SecureW2 (List) wrote:
> >>
> >>> http://msdn.microsoft.com/en-us/library/aa813696(VS.85).aspx
> >>>
> >> Nice article. However I don't understand a few things. What's "pdb
> >> <pdbpath>"? I'm not good at Windows.
> >>
> >>> To enable logging do the following:
> >>>
> >>> - Netsh wlan set tra yes
> >>> - netsh ras set tr * en
> >>> - Reproduce your problem
> >>> - netsh ras set tr * dis
> >>> - Netsh wlan set tra no
> >>>
> >> Well. I have problems with _wired_ connection so I've used "netsh lan"
> >> instead of "netsh wlan". I hope it's the right thing.
> >>
> >>> If you go to the %windir%\tracing\wireless\ directory you will find a load of
> >>> .etl files in different directories.
> >>>
> >> :-) yea. Which one is... hm... important? onex or eaphost?
> >>
> >>> Use the tracerpt *.* command to change the .etl to readable .txt files.
> >>>
> >> I'm attaching onex.txt and eaphost.txt. I'm not exactly sure what I
> >> should search for. Any hints?
> >>
> >>> PS. I don't like plugging like this but we are almost finished with the
> >>> latest SecureW2 EAPSuite which supports EAP-TTLS/EAP-PEAPv0/v1 and EAP-GTC
> >>> and has been tested quite extensively with Vista SP0/SP1.
> >>>
> >> Awesome. I hope it'll work with my Vista's...
> >>
> >> Kind regards,
> >>
> >> --
> >> Lech Karol Pawłaszek <ike>
> >> "You will never see me fall from grace" [KoRn]
> >>
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
> --
> Arran Cudbard-Bell ([EMAIL PROTECTED]),
> Authentication, Authorisation and Accounting Officer,
> Infrastructure Services (IT Services),
> E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
> DDI+FAX: +44 1273 873900 | INT: 3900