Re: Cisco 340 & WinXP
hi Wayne! Thank you for your answer. It took some time here to get rid of the problem. Perhaps you've seen my comment on the mail list (which seems to be more or less ignored). My problems originated from the Reply-Message attribute which was set for the user. If I set this attribute, I get a Notification message from the authenticator (NAS) instead of the Challenge-Response (the 3rd message in the basic MD5-exchange). FreeRADIUS doesn't seem to know what to do with this message. It sends out a Reject because it awaits the Response to its challenge. Well, I am not sure, if this Notification is protocol conform or not (didn't take a look on it till now). Neither am I sure if this message is produced by the NAS or just resent by the latter... I can't test it now because I only have one NAS type. Perhaps you could alter one of your (test-) users adding the Reply-Message "Hello, %u" or something to his user-definition. Since you use other NAS (as you kindly explained me), we would know if this message is sent out by Windows XP or by the NAS. If you have time to do so, of course. Otherwise, let it be. Regards, artur -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
Hello, Artur, I also have no problem using EAP/MD5 with FreeRADIUS, but I use another vendor's AP. authorize { preprocess eap . } authenticate { . eap } - Original Message - From: "Artur Hecker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, May 18, 2002 10:04 PM Subject: Re: Cisco 340 & WinXP > hello ken! > > could you possibly post here your authenticate and authorize sections > and one user entry ? > and: what does it say in your case after issuing the challenge to the > eap request? > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
hello ken! could you possibly post here your authenticate and authorize sections and one user entry ? and: what does it say in your case after issuing the challenge to the eap request? thank you Ken Roser wrote: > > I haven't found any problems using EAP/MD5 with Win XP. I've been using the > 4/23/2002 CVS snapshot. > -- Artur Hecker Groupe Accès et Mobilité [EMAIL PROTECTED]Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
I haven't found any problems using EAP/MD5 with Win XP. I've been using the 4/23/2002 CVS snapshot. Artur Hecker wrote: > hi > > > No, the problem is in the server. If you have > > time/interest/whatever, you can try tracking down exactly what > > attributes are added to the list of config items, and when. > > I have both :) I will try... I think it would be better to try the > newest snapshot first... Then: question to the list - DOES ANYBODY HAVE > EAP/MD5 WORKING? Could you provide me your configuration details in that > case? Any tricks? > > > Once the 'users' file adds the User-Password attribute properly, > > then the EAP module should be able to find it. However, this may > > require breaking backwards compatibility a bit. That doesn't bother > > me too much, though. > > Ok, where should I begin? > > artur > > -- > Artur Hecker Groupe Accès et Mobilité > hecker[at]enst[dot]fr Département Informatique et Réseaux > +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 > http://www.infres.enst.fr ENST Paris > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
Artur Hecker wrote: > > hi > > first of all thanks for support. second: nope, it didn't help :( > > > Try Auth-Type := EAP and remove eap in the authorize > > and check if it works. > > That is even worth. Then the eap-mod says that it can't find neither > Username nor password. > > This is even strange. Can you post the logs for this. > > or try eap as the last one in the above authorize block. > > Which changed nothing, sorry... > > > The problem is that the configured User-Password is never picked > > into the REQUEST->config_items VALUE_PAIR. > > Yes, evidently the password is not given to the module for validation... > It looks like a configuration issue. If you can post your Users file, radiusd.conf and the corresponding logs, It would certaily help us to locate the problem. -Raghu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
hi > No, the problem is in the server. If you have > time/interest/whatever, you can try tracking down exactly what > attributes are added to the list of config items, and when. I have both :) I will try... I think it would be better to try the newest snapshot first... Then: question to the list - DOES ANYBODY HAVE EAP/MD5 WORKING? Could you provide me your configuration details in that case? Any tricks? > Once the 'users' file adds the User-Password attribute properly, > then the EAP module should be able to find it. However, this may > require breaking backwards compatibility a bit. That doesn't bother > me too much, though. Ok, where should I begin? artur -- Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
Artur Hecker <[EMAIL PROTECTED]> wrote: > > The problem is that the configured User-Password is never picked > > into the REQUEST->config_items VALUE_PAIR. > > Yes, evidently the password is not given to the module for validation... > > What should I do? tcpdump? No, the problem is in the server. If you have time/interest/whatever, you can try tracking down exactly what attributes are added to the list of config items, and when. Once the 'users' file adds the User-Password attribute properly, then the EAP module should be able to find it. However, this may require breaking backwards compatibility a bit. That doesn't bother me too much, though. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco 340 & WinXP
hi first of all thanks for support. second: nope, it didn't help :( > Try Auth-Type := EAP and remove eap in the authorize > and check if it works. That is even worth. Then the eap-mod says that it can't find neither Username nor password. > or try eap as the last one in the above authorize block. Which changed nothing, sorry... > The problem is that the configured User-Password is never picked > into the REQUEST->config_items VALUE_PAIR. Yes, evidently the password is not given to the module for validation... What should I do? tcpdump? Thanks artur -- Artur Hecker Groupe Accès et Mobilité [EMAIL PROTECTED]Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html