After i had restarted my XP i get to see Windows was unable to log you on to palstaff.
palstaff is my sssid Devinder 2010/1/20 Devinder Singh <devinbhul...@gmail.com> > When i click on my SSID i get authentication failed. The Proxim AP reports > Radius not connected and i dont get to see any reply on Radius Server > > > > 2010/1/20 Devinder Singh <devinbhul...@gmail.com> > >> ###################################################################### >> # >> # Create a new client certificate, signed by the the above server >> # certificate. >> # >> ###################################################################### >> client.csr client.key: client.cnf >> openssl req -new -out client.csr -keyout client.key -config >> ./client.cnf >> >> client.crt: client.csr ca.pem ca.key index.txt serial >> openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr >> -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile >> xpextensions -config ./client.cnf >> >> client.p12: client.crt >> openssl pkcs12 -export -in client.crt -inkey client.key -out >> client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) >> >> client.pem: client.p12 >> openssl pkcs12 -in client.p12 -out client.pem -passin >> pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) >> cp client.pem $(USER_NAME).pem >> >> .PHONY: server.vrfy >> client.vrfy: ca.pem client.pem >> c_rehash . >> openssl verify -CApath . client.pem >> >> >> >> 2010/1/20 Devinder Singh <devinbhul...@gmail.com> >> >>> Hi Ivan, >>> >>> I cant seem to authenticate my Windows XP client using EAP >>> authentication. I have folllowed the steps in /etc/raddb/certs >>> >>> This is my radius start up >>> Module: Instantiating >>> eap-tls >>> tls >>> { >>> >>> rsa_key_exchange = >>> no >>> dh_key_exchange = >>> yes >>> rsa_key_length = >>> 512 >>> dh_key_length = >>> 512 >>> verify_depth = >>> 0 >>> pem_file_type = >>> yes >>> private_key_file = >>> "/etc/raddb/certs/server.pem" >>> certificate_file = >>> "/etc/raddb/certs/server.pem" >>> CA_file = >>> "/etc/raddb/certs/ca.pem" >>> private_key_password = >>> "myettelap" >>> dh_file = >>> "/etc/raddb/certs/dh" >>> random_file = >>> "/etc/raddb/certs/random" >>> fragment_size = >>> 1024 >>> include_length = >>> yes >>> check_crl = >>> no >>> cipher_list = >>> "DEFAULT" >>> make_cert_command = >>> "/etc/raddb/certs/bootstrap" >>> cache >>> { >>> >>> enable = >>> no >>> lifetime = >>> 24 >>> max_entries = >>> 255 >>> >>> } >>> >>> >>> } >>> >>> Module: Linked to sub-module >>> rlm_eap_ttls >>> Module: Instantiating >>> eap-ttls >>> ttls >>> { >>> >>> default_eap_type = >>> "md5" >>> copy_request_to_tunnel = >>> no >>> use_tunneled_reply = >>> no >>> virtual_server = >>> "inner-tunnel" >>> >>> } >>> >>> Module: Linked to sub-module >>> rlm_eap_peap >>> Module: Instantiating >>> eap-peap >>> peap >>> { >>> >>> default_eap_type = >>> "mschapv2" >>> copy_request_to_tunnel = >>> no >>> use_tunneled_reply = >>> no >>> proxy_tunneled_request_as_eap = >>> yes >>> virtual_server = >>> "inner-tunnel" >>> >>> } >>> >>> Module: Linked to sub-module >>> rlm_eap_mschapv2 >>> Module: Instantiating >>> eap-mschapv2 >>> mschapv2 >>> { >>> >>> with_ntdomain_hack = >>> no >>> >>> } >>> >>> Module: Checking authorize {...} for more modules to >>> load >>> Module: Linked to module >>> rlm_realm >>> Module: Instantiating >>> suffix >>> realm suffix >>> { >>> format = >>> "suffix" >>> delimiter = >>> "@" >>> ignore_default = >>> no >>> ignore_null = >>> no >>> >>> } >>> >>> Module: Linked to module >>> rlm_files >>> Module: Instantiating >>> files >>> files >>> { >>> >>> usersfile = >>> "/etc/raddb/users" >>> acctusersfile = >>> "/etc/raddb/acct_users" >>> preproxy_usersfile = >>> "/etc/raddb/preproxy_users" >>> compat = >>> "no" >>> >>> } >>> >>> Module: Checking session {...} for more modules to >>> load >>> Module: Linked to module >>> rlm_radutmp >>> Module: Instantiating >>> radutmp >>> radutmp >>> { >>> >>> filename = >>> "/var/log/radius/radutmp" >>> username = >>> "%{User-Name}" >>> case_sensitive = >>> yes >>> check_with_nas = >>> yes >>> perm = >>> 384 >>> callerid = >>> yes >>> >>> } >>> >>> Module: Checking post-proxy {...} for more modules to >>> load >>> Module: Checking post-auth {...} for more modules to >>> load >>> Module: Linked to module >>> rlm_attr_filter >>> Module: Instantiating >>> attr_filter.access_reject >>> attr_filter attr_filter.access_reject >>> { >>> attrsfile = >>> "/etc/raddb/attrs.access_reject" >>> key = >>> "%{User-Name}" >>> >>> } >>> >>> } >>> >>> } >>> >>> modules >>> { >>> >>> Module: Checking authenticate {...} for more modules to >>> load >>> Module: Checking authorize {...} for more modules to >>> load >>> Module: Linked to module >>> rlm_preprocess >>> Module: Instantiating >>> preprocess >>> preprocess >>> { >>> >>> huntgroups = >>> "/etc/raddb/huntgroups" >>> hints = >>> "/etc/raddb/hints" >>> with_ascend_hack = >>> no >>> ascend_channels_per_line = >>> 23 >>> with_ntdomain_hack = >>> no >>> with_specialix_jetstream_hack = >>> no >>> with_cisco_vsa_hack = >>> no >>> with_alvarion_vsa_hack = >>> no >>> >>> } >>> >>> Module: Checking preacct {...} for more modules to >>> load >>> Module: Linked to module >>> rlm_acct_unique >>> Module: Instantiating acct_unique >>> acct_unique { >>> key = "User-Name, Acct-Session-Id, NAS-IP-Address, >>> Client-IP-Address, NAS-Port" >>> } >>> Module: Checking accounting {...} for more modules to load >>> Module: Linked to module rlm_detail >>> Module: Instantiating detail >>> detail { >>> detailfile = >>> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" >>> header = "%t" >>> detailperm = 384 >>> dirperm = 493 >>> locking = no >>> log_packet_header = no >>> } >>> Module: Instantiating attr_filter.accounting_response >>> attr_filter attr_filter.accounting_response { >>> attrsfile = "/etc/raddb/attrs.accounting_response" >>> key = "%{User-Name}" >>> } >>> Module: Checking session {...} for more modules to load >>> Module: Checking post-proxy {...} for more modules to load >>> Module: Checking post-auth {...} for more modules to load >>> } >>> radiusd: #### Opening IP addresses and Ports #### >>> listen { >>> type = "auth" >>> ipaddr = * >>> port = 0 >>> } >>> listen { >>> type = "acct" >>> ipaddr = * >>> port = 0 >>> } >>> Listening on authentication address * port 1812 >>> Listening on accounting address * port 1813 >>> Listening on proxy address * port 1814 >>> Ready to process requests. >>> ^[[6~^[[6~ >>> >>> >>> 2010/1/20 Devinder Singh <devinbhul...@gmail.com> >>> >>> Hi Ivan, >>>> >>>> I created the certificates basd on the README file in etc/raddb and >>>> copied ca.der and client.p12 to Windows XP >>>> >>>> I also also made changed to the Makefile which runs on XP but when i >>>> connect to the SSID i get authentication failde and the radius does not >>>> seem >>>> to get any response from the Proxim AP. >>>> >>>> >>>> >>>> -- >>>> Devinder >>>> >>> >>> >>> >>> -- >>> Devinder >>> >> >> >> >> -- >> Devinder >> > > > > -- > Devinder > -- Devinder
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html