When I click on my SSID I get authentication failed. The Proxim AP reports Radius not connected and I don't get to see any reply on Radius Server

2010/1/20 Devinder Singh <devinbhul...@gmail.com>

> ######################################################################
> #
> #  Create a new client certificate, signed by the above server
> #  certificate.
> #
> ######################################################################
> client.csr client.key: client.cnf
> 	openssl req -new -out client.csr -keyout client.key -config ./client.cnf
>
> client.crt: client.csr ca.pem ca.key index.txt serial
> 	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
>
> client.p12: client.crt
> 	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>
> client.pem: client.p12
> 	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
> 	cp client.pem $(USER_NAME).pem
>
> .PHONY: server.vrfy
> client.vrfy: ca.pem client.pem
> 	c_rehash .
> 	openssl verify -CApath . client.pem
>
> 2010/1/20 Devinder Singh <devinbhul...@gmail.com>
>
>> Hi Ivan,
>>
>> I can't seem to authenticate my Windows XP client using EAP authentication.
>> I have followed the steps in /etc/raddb/certs
>>
>> This is my radius start up
>>  Module: Instantiating eap-tls
>>    tls {
>>         rsa_key_exchange = no
>>         dh_key_exchange = yes
>>         rsa_key_length = 512
>>         dh_key_length = 512
>>         verify_depth = 0
>>         pem_file_type = yes
>>         private_key_file = "/etc/raddb/certs/server.pem"
>>         certificate_file = "/etc/raddb/certs/server.pem"
>>         CA_file = "/etc/raddb/certs/ca.pem"
>>         private_key_password = "myettelap"
>>         dh_file = "/etc/raddb/certs/dh"
>>         random_file = "/etc/raddb/certs/random"
>>         fragment_size = 1024
>>         include_length = yes
>>         check_crl = no
>>         cipher_list = "DEFAULT"
>>         make_cert_command = "/etc/raddb/certs/bootstrap"
>>     cache {
>>         enable = no
>>         lifetime = 24
>>         max_entries = 255
>>     }
>>    }
>>  Module: Linked to sub-module rlm_eap_ttls
>>  Module: Instantiating eap-ttls
>>    ttls {
>>         default_eap_type = "md5"
>>         copy_request_to_tunnel = no
>>         use_tunneled_reply = no
>>         virtual_server = "inner-tunnel"
>>    }
>>  Module: Linked to sub-module rlm_eap_peap
>>  Module: Instantiating eap-peap
>>    peap {
>>         default_eap_type = "mschapv2"
>>         copy_request_to_tunnel = no
>>         use_tunneled_reply = no
>>         proxy_tunneled_request_as_eap = yes
>>         virtual_server = "inner-tunnel"
>>    }
>>  Module: Linked to sub-module rlm_eap_mschapv2
>>  Module: Instantiating eap-mschapv2
>>    mschapv2 {
>>         with_ntdomain_hack = no
>>    }
>>  Module: Checking authorize {...} for more modules to load
>>  Module: Linked to module rlm_realm
>>  Module: Instantiating suffix
>>   realm suffix {
>>         format = "suffix"
>>         delimiter = "@"
>>         ignore_default = no
>>         ignore_null = no
>>   }
>>  Module: Linked to module rlm_files
>>  Module: Instantiating files
>>   files {
>>         usersfile = "/etc/raddb/users"
>>         acctusersfile = "/etc/raddb/acct_users"
>>         preproxy_usersfile = "/etc/raddb/preproxy_users"
>>         compat = "no"
>>   }
>>  Module: Checking session {...} for more modules to load
>>  Module: Linked to module rlm_radutmp
>>  Module: Instantiating radutmp
>>   radutmp {
>>         filename = "/var/log/radius/radutmp"
>>         username = "%{User-Name}"
>>         case_sensitive = yes
>>         check_with_nas = yes
>>         perm = 384
>>         callerid = yes
>>   }
>>  Module: Checking post-proxy {...} for more modules to load
>>  Module: Checking post-auth {...} for more modules to load
>>  Module: Linked to module rlm_attr_filter
>>  Module: Instantiating attr_filter.access_reject
>>   attr_filter attr_filter.access_reject {
>>         attrsfile = "/etc/raddb/attrs.access_reject"
>>         key = "%{User-Name}"
>>   }
>>  }
>> }
>>  modules {
>>  Module: Checking authenticate {...} for more modules to load
>>  Module: Checking authorize {...} for more modules to load
>>  Module: Linked to module rlm_preprocess
>>  Module: Instantiating preprocess
>>   preprocess {
>>         huntgroups = "/etc/raddb/huntgroups"
>>         hints = "/etc/raddb/hints"
>>         with_ascend_hack = no
>>         ascend_channels_per_line = 23
>>         with_ntdomain_hack = no
>>         with_specialix_jetstream_hack = no
>>         with_cisco_vsa_hack = no
>>         with_alvarion_vsa_hack = no
>>   }
>>  Module: Checking preacct {...} for more modules to load
>>  Module: Linked to module rlm_acct_unique
>>  Module: Instantiating acct_unique
>>   acct_unique {
>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
>>   }
>>  Module: Checking accounting {...} for more modules to load
>>  Module: Linked to module rlm_detail
>>  Module: Instantiating detail
>>   detail {
>>         detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>>         header = "%t"
>>         detailperm = 384
>>         dirperm = 493
>>         locking = no
>>         log_packet_header = no
>>   }
>>  Module: Instantiating attr_filter.accounting_response
>>   attr_filter attr_filter.accounting_response {
>>         attrsfile = "/etc/raddb/attrs.accounting_response"
>>         key = "%{User-Name}"
>>   }
>>  Module: Checking session {...} for more modules to load
>>  Module: Checking post-proxy {...} for more modules to load
>>  Module: Checking post-auth {...} for more modules to load
>>  }
>> radiusd: #### Opening IP addresses and Ports ####
>> listen {
>>         type = "auth"
>>         ipaddr = *
>>         port = 0
>> }
>> listen {
>>         type = "acct"
>>         ipaddr = *
>>         port = 0
>> }
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on proxy address * port 1814
>> Ready to process requests.
>> ^[[6~^[[6~
>>
>> 2010/1/20 Devinder Singh <devinbhul...@gmail.com>
>>
>>> Hi Ivan,
>>>
>>> I created the certificates based on the README file in etc/raddb and
>>> copied ca.der and client.p12 to Windows XP
>>>
>>> I also made changes to the Makefile which runs on XP but when I
>>> connect to the SSID I get authentication failed and the radius does not seem
>>> to get any response from the Proxim AP.
>>>
>>> --
>>> Devinder
>>
>> --
>> Devinder
>
> --
> Devinder

--
Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html