Hello, I have followed the procedures to create EAP certificates in /etc/raddb/certs, but when I copy ca.der and client.p12 to my Windows XP client, it cannot seem to authenticate to the RADIUS server.
I can see a small balloon appearing on XP stating that it failed to authenticate on palstaff. My Proxim AP reports "Radius Server Error", but I have already set the RADIUS server IP address in the Proxim AP. I have also updated my Makefile as below to allow XP clients to authenticate:

######################################################################
#
# Create a new client certificate, signed by the the above server
# certificate.
#
######################################################################
client.csr client.key: client.cnf
	openssl req -new -out client.csr -keyout client.key -config ./client.cnf

client.crt: client.csr ca.pem ca.key index.txt serial
	openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf

client.p12: client.crt
	openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)

client.pem: client.p12
	openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
	cp client.pem $(USER_NAME).pem

.PHONY: server.vrfy
client.vrfy: ca.pem client.pem
	c_rehash .
	openssl verify -CApath . client.pem

$ rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

and redo the certificates.

Please, I need help with this.

Regards
Devinder

2010/1/20 Devinder Singh <devinbhul...@gmail.com>

> After I had restarted my XP
>
> I get to see "Windows was unable to log you on to palstaff".
>
>
> palstaff is my SSID
>
>
> Devinder
>
>
> 2010/1/20 Devinder Singh <devinbhul...@gmail.com>
>
>> When I click on my SSID I get authentication failed.
The Proxim AP reports >> Radius not connected and i dont get to see any reply on Radius Server >> >> >> >> 2010/1/20 Devinder Singh <devinbhul...@gmail.com> >> >>> ###################################################################### >>> # >>> # Create a new client certificate, signed by the the above server >>> # certificate. >>> # >>> ###################################################################### >>> client.csr client.key: client.cnf >>> openssl req -new -out client.csr -keyout client.key -config >>> ./client.cnf >>> >>> client.crt: client.csr ca.pem ca.key index.txt serial >>> openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr >>> -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile >>> xpextensions -config ./client.cnf >>> >>> client.p12: client.crt >>> openssl pkcs12 -export -in client.crt -inkey client.key -out >>> client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) >>> >>> client.pem: client.p12 >>> openssl pkcs12 -in client.p12 -out client.pem -passin >>> pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT) >>> cp client.pem $(USER_NAME).pem >>> >>> .PHONY: server.vrfy >>> client.vrfy: ca.pem client.pem >>> c_rehash . >>> openssl verify -CApath . client.pem >>> >>> >>> >>> 2010/1/20 Devinder Singh <devinbhul...@gmail.com> >>> >>>> Hi Ivan, >>>> >>>> I cant seem to authenticate my Windows XP client using EAP >>>> authentication. 
I have folllowed the steps in /etc/raddb/certs >>>> >>>> This is my radius start up >>>> Module: Instantiating >>>> eap-tls >>>> tls >>>> { >>>> >>>> rsa_key_exchange = >>>> no >>>> dh_key_exchange = >>>> yes >>>> rsa_key_length = >>>> 512 >>>> dh_key_length = >>>> 512 >>>> verify_depth = >>>> 0 >>>> pem_file_type = >>>> yes >>>> private_key_file = >>>> "/etc/raddb/certs/server.pem" >>>> certificate_file = >>>> "/etc/raddb/certs/server.pem" >>>> CA_file = >>>> "/etc/raddb/certs/ca.pem" >>>> private_key_password = >>>> "myettelap" >>>> dh_file = >>>> "/etc/raddb/certs/dh" >>>> random_file = >>>> "/etc/raddb/certs/random" >>>> fragment_size = >>>> 1024 >>>> include_length = >>>> yes >>>> check_crl = >>>> no >>>> cipher_list = >>>> "DEFAULT" >>>> make_cert_command = >>>> "/etc/raddb/certs/bootstrap" >>>> cache >>>> { >>>> >>>> enable = >>>> no >>>> lifetime = >>>> 24 >>>> max_entries = >>>> 255 >>>> >>>> } >>>> >>>> >>>> } >>>> >>>> Module: Linked to sub-module >>>> rlm_eap_ttls >>>> Module: Instantiating >>>> eap-ttls >>>> ttls >>>> { >>>> >>>> default_eap_type = >>>> "md5" >>>> copy_request_to_tunnel = >>>> no >>>> use_tunneled_reply = >>>> no >>>> virtual_server = >>>> "inner-tunnel" >>>> >>>> } >>>> >>>> Module: Linked to sub-module >>>> rlm_eap_peap >>>> Module: Instantiating >>>> eap-peap >>>> peap >>>> { >>>> >>>> default_eap_type = >>>> "mschapv2" >>>> copy_request_to_tunnel = >>>> no >>>> use_tunneled_reply = >>>> no >>>> proxy_tunneled_request_as_eap = >>>> yes >>>> virtual_server = >>>> "inner-tunnel" >>>> >>>> } >>>> >>>> Module: Linked to sub-module >>>> rlm_eap_mschapv2 >>>> Module: Instantiating >>>> eap-mschapv2 >>>> mschapv2 >>>> { >>>> >>>> with_ntdomain_hack = >>>> no >>>> >>>> } >>>> >>>> Module: Checking authorize {...} for more modules to >>>> load >>>> Module: Linked to module >>>> rlm_realm >>>> Module: Instantiating >>>> suffix >>>> realm suffix >>>> { >>>> format = >>>> "suffix" >>>> delimiter = >>>> "@" >>>> ignore_default = >>>> no >>>> 
ignore_null = >>>> no >>>> >>>> } >>>> >>>> Module: Linked to module >>>> rlm_files >>>> Module: Instantiating >>>> files >>>> files >>>> { >>>> >>>> usersfile = >>>> "/etc/raddb/users" >>>> acctusersfile = >>>> "/etc/raddb/acct_users" >>>> preproxy_usersfile = >>>> "/etc/raddb/preproxy_users" >>>> compat = >>>> "no" >>>> >>>> } >>>> >>>> Module: Checking session {...} for more modules to >>>> load >>>> Module: Linked to module >>>> rlm_radutmp >>>> Module: Instantiating >>>> radutmp >>>> radutmp >>>> { >>>> >>>> filename = >>>> "/var/log/radius/radutmp" >>>> username = >>>> "%{User-Name}" >>>> case_sensitive = >>>> yes >>>> check_with_nas = >>>> yes >>>> perm = >>>> 384 >>>> callerid = >>>> yes >>>> >>>> } >>>> >>>> Module: Checking post-proxy {...} for more modules to >>>> load >>>> Module: Checking post-auth {...} for more modules to >>>> load >>>> Module: Linked to module >>>> rlm_attr_filter >>>> Module: Instantiating >>>> attr_filter.access_reject >>>> attr_filter attr_filter.access_reject >>>> { >>>> attrsfile = >>>> "/etc/raddb/attrs.access_reject" >>>> key = >>>> "%{User-Name}" >>>> >>>> } >>>> >>>> } >>>> >>>> } >>>> >>>> modules >>>> { >>>> >>>> Module: Checking authenticate {...} for more modules to >>>> load >>>> Module: Checking authorize {...} for more modules to >>>> load >>>> Module: Linked to module >>>> rlm_preprocess >>>> Module: Instantiating >>>> preprocess >>>> preprocess >>>> { >>>> >>>> huntgroups = >>>> "/etc/raddb/huntgroups" >>>> hints = >>>> "/etc/raddb/hints" >>>> with_ascend_hack = >>>> no >>>> ascend_channels_per_line = >>>> 23 >>>> with_ntdomain_hack = >>>> no >>>> with_specialix_jetstream_hack = >>>> no >>>> with_cisco_vsa_hack = >>>> no >>>> with_alvarion_vsa_hack = >>>> no >>>> >>>> } >>>> >>>> Module: Checking preacct {...} for more modules to >>>> load >>>> Module: Linked to module >>>> rlm_acct_unique >>>> Module: Instantiating acct_unique >>>> acct_unique { >>>> key = "User-Name, Acct-Session-Id, NAS-IP-Address, >>>> 
Client-IP-Address, NAS-Port" >>>> } >>>> Module: Checking accounting {...} for more modules to load >>>> Module: Linked to module rlm_detail >>>> Module: Instantiating detail >>>> detail { >>>> detailfile = >>>> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" >>>> header = "%t" >>>> detailperm = 384 >>>> dirperm = 493 >>>> locking = no >>>> log_packet_header = no >>>> } >>>> Module: Instantiating attr_filter.accounting_response >>>> attr_filter attr_filter.accounting_response { >>>> attrsfile = "/etc/raddb/attrs.accounting_response" >>>> key = "%{User-Name}" >>>> } >>>> Module: Checking session {...} for more modules to load >>>> Module: Checking post-proxy {...} for more modules to load >>>> Module: Checking post-auth {...} for more modules to load >>>> } >>>> radiusd: #### Opening IP addresses and Ports #### >>>> listen { >>>> type = "auth" >>>> ipaddr = * >>>> port = 0 >>>> } >>>> listen { >>>> type = "acct" >>>> ipaddr = * >>>> port = 0 >>>> } >>>> Listening on authentication address * port 1812 >>>> Listening on accounting address * port 1813 >>>> Listening on proxy address * port 1814 >>>> Ready to process requests. >>>> ^[[6~^[[6~ >>>> >>>> >>>> 2010/1/20 Devinder Singh <devinbhul...@gmail.com> >>>> >>>> Hi Ivan, >>>>> >>>>> I created the certificates basd on the README file in etc/raddb and >>>>> copied ca.der and client.p12 to Windows XP >>>>> >>>>> I also also made changed to the Makefile which runs on XP but when i >>>>> connect to the SSID i get authentication failde and the radius does not >>>>> seem >>>>> to get any response from the Proxim AP. >>>>> >>>>> >>>>> >>>>> -- >>>>> Devinder >>>>> >>>> >>>> >>>> >>>> -- >>>> Devinder >>>> >>> >>> >>> >>> -- >>> Devinder >>> >> >> >> >> -- >> Devinder >> > > > > -- > Devinder > -- Devinder