On 18/05/11 16:26, Simon L. wrote:
Using WPA2-Enterprise results in Access-Rejects after one Request.
That is not normal. WPA2 should be the same as WPA at the radius level.
Using WPA-Enterprise results in about nine different Access-Challanges
and one final Access-Accept - that cant be right.
That is normal. EAP exchanges are usually 9/10 request/challenge pairs
followed by a final request/accept.
What exactly is your problem?
I have set up a testing scenario with the local test user bob. If local
authentication works properly i want to proxy all requests without EAP
to another freeradius server. I will have questions to that later :)
radtest from localhost an remotehost succeeded.
Sorry - radtest does not do EAP. radtest is not a valid test.
I dont get a clue if the Problem is Windows, Certificates, Network oder
simply misconfigured freeradius.
You haven't told us what the problem is. WPA-Enterprise is working for
you - the radius server is sending an access-accept. What problem are
you experiencing?
certificates:
- i build the certs with and without that windows extension OID in
server.cnf with make from ../raddb/certs
Why? You MUST include the OID.
- 2048 bit
Windows 7:
- installed ca.der as root cert in win7 and configured it for the
desired WiFi network
- for my eyes no difference in debug logs if validate server cert or not.
"Validate server cert" is done on the client. You won't see any
difference on the server.
- unchecked using windows user or domain for auth
- EAP comes with PEAP/MSCHAPv2 as default - but the certs are for eap -
tls right?
PEAP uses TLS. PEAP needs certs too.
WAP:
- WPA2 Enterprise with AES no accept packet possible until now
As above - that's not normal.
The debug you sent contains no reject. Please send a debug for this case.
- WPA Enterprise with AES results in that 9-times Challenges until accept
As above - this is normal
Access-Accept means everything is working.
If you are still having problems after the Access-Accept, you need to
describe what those problems are.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html