I may have solved my own problem - I have contradicting encryption settings for each VLAN on the Cisco access point. I was testing the setup by bumping the user from VLAN 200 (WPA-required) to VLAN 100 (open access). I'll give this a shot and post my results.
-William

On Sun, Jan 25, 2009 at 22:14, William Graeber <swi...@swilly.tk> wrote:
> Here is the output of Cisco debugging with "use_tunneled_reply = yes":
> http://dpaste.com/113022/
>
> Again, I really appreciate your help.
>
> -William
>
> On Sun, Jan 25, 2009 at 18:29, <t...@kalik.net> wrote:
>>>I have modified eap.conf and added "use_tunneled_reply = yes" in the
>>>peap section. I have previously tried this, and obtained the same
>>>results. Whenever a client tries to login, they get cycled from
>>>authenticating/connecting very quickly. I've posted an example output
>>>from a radius debug: http://dpaste.com/112927/
>>>
>>
>> You are getting an Access-Accept with VLAN attributes now:
>>
>> Sending Access-Accept of id 199 to 10.0.0.254 port 1645
>>         Tunnel-Medium-Type:0 = IEEE-802
>>         Tunnel-Type:0 = VLAN
>>         Tunnel-Private-Group-Id:0 = "100"
>>         User-Name = "wgraeber"
>>         MS-MPPE-Recv-Key =
>> 0x8d9a0e99e52c18b817039f9d503bbd00d66c3cf3927d2528460
>> 7bb4c52ab58f1
>>         MS-MPPE-Send-Key =
>> 0x5b07ed87b3ddd6c9fe6186c9443d80cca1b7e24f393f854f585
>> 59d26a1100bfb
>>         EAP-Message = 0x030a0004
>>         Message-Authenticator = 0x00000000000000000000000000000000
>>
>> But AP is unhappy. Do debug dot11 aaa and see what it is complaining
>> about. It's missing something (probably Service-Type).
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>

--
William M. Graeber
Furman University
PMB 27335
3300 Poinsett Highway
Greenville, SC 29613
864 905 9533 (Mobile)