I can't comment on your problem right now, but be aware there seem to be MANY issues with Windows 7. Our config works PERFECT with XP, Apple IOS, and other "basic" stuff. When we started testing Windows 7 (WPA2 Enterprise) we ran into all kinds of weirdness. And just when we think we have a working config and have a few users start testing it breaks.
The web is littered with people having problems with Windows 7. I'm convinced the W7 Supplicant is really broken. In our environment FR doesn't even see the PEAP, just an MSCHAP, and that even fails! Anyway... Maybe if someone knows of a tool to dehash/decrypt the MSCHAP stuff I could actually see what's different in the requests between a working auth and a rejected auth. Right now we're grasping at straws and can't figure out why MS is essentially doing nothing about this... G -----Original Message----- From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On Behalf Of Simon L. Sent: Wednesday, May 18, 2011 10:27 AM To: FreeRadius users mailing list Subject: Authentication issues with Win7 and WPA/WPA2 Enterprise Dear Users, I hope you will be patient with me, its my first time with freeradius. I have problems to authenticate Windows 7 Clients with freeradius. Using WPA2-Enterprise results in Access-Rejects after one Request. Using WPA-Enterprise results in about nine different Access-Challanges and one final Access-Accept - that cant be right. I have set up a testing scenario with the local test user bob. If local authentication works properly i want to proxy all requests without EAP to another freeradius server. I will have questions to that later :) radtest from localhost an remotehost succeeded. Setting: Win7_Client<-----WLAN----->WAP LinksysWRT54gl<------MPLS-Network over PPPoE----------->FreeRADIUS_proxy(<---------------------------->FreeRADIUS_main) Windows 7 dd-wrt v24 SP2 Ubuntu Server 10.4.2, freeradius 2.1.10 generic 10.73.108.254 internal: 10.0.73.1 external: 213.x.x.x I dont get a clue if the Problem is Windows, Certificates, Network oder simply misconfigured freeradius. certificates: - i build the certs with and without that windows extension OID in server.cnf with make from ../raddb/certs - 2048 bit Windows 7: - installed ca.der as root cert in win7 and configured it for the desired WiFi network - for my eyes no difference in debug logs if validate server cert or not. - unchecked using windows user or domain for auth - EAP comes with PEAP/MSCHAPv2 as default - but the certs are for eap - tls right? WAP: - WPA2 Enterprise with AES no accept packet possible until now - WPA Enterprise with AES results in that 9-times Challenges until accept freeRADIUS: - compiled with installed openSSL dev lib - default config as it comes out of the box, exept: added user bob with cleartext password in users, added the WAP as client in clients.conf, changed default_eap_type = "peap" and private_key_password = "MYSECRET_FROM_SERVER_CERT" in eap.conf configuration and stuff pls look at attached debug.log from running radiusd -X debug.log contains the output of radiusd -X with Access-Requests over WPA-Enterprise. I hope you got a hint for me. Thanks ! Simon <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html