subject:"Cisco 340 WinXP"

Re: Cisco 340 & WinXP

2002-06-10 Thread Artur Hecker


hi Wayne!

Thank you for your answer. It took some time here to get rid of the
problem.

Perhaps you've seen my comment on the mail list (which seems to be more
or less ignored). My problems originated from the Reply-Message
attribute which was set for the user. If I set this attribute, I get a
Notification message from the authenticator (NAS) instead of the
Challenge-Response (the 3rd message in the basic MD5-exchange).
FreeRADIUS doesn't seem to know what to do with this message. It sends
out a Reject because it awaits the Response to its challenge.

Well, I am not sure, if this Notification is protocol conform or not
(didn't take a look on it till now). Neither am I sure if this message
is produced by the NAS or just resent by the latter...

I can't test it now because I only have one NAS type.

Perhaps you could alter one of your (test-) users adding the
Reply-Message "Hello, %u" or something to his user-definition. Since you
use other NAS (as you kindly explained me), we would know if this
message is sent out by Windows XP or by the NAS.

If you have time to do so, of course. Otherwise, let it be.

Regards,

artur



-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-18 Thread Wayne Ying-Jui Lee


Hello, Artur,

I also have no problem using EAP/MD5 with FreeRADIUS,
but I use another vendor's AP.

authorize {
preprocess
eap
.
}

authenticate {
.
eap
}


- Original Message - 
From: "Artur Hecker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 18, 2002 10:04 PM
Subject: Re: Cisco 340 & WinXP


> hello ken!
> 
> could you possibly post here your authenticate and authorize sections
> and one user entry ?
> and: what does it say in your case after issuing the challenge to the
> eap request?
> 




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-18 Thread Artur Hecker

hello ken!

could you possibly post here your authenticate and authorize sections
and one user entry ?
and: what does it say in your case after issuing the challenge to the
eap request?

thank you

Ken Roser wrote:
> 
> I haven't found any problems using EAP/MD5 with Win XP.  I've been using the
> 4/23/2002 CVS snapshot.
> 

-- 
Artur Hecker Groupe Accès et Mobilité
[EMAIL PROTECTED]Département Informatique et Réseaux
+33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-17 Thread Ken Roser


I haven't found any problems using EAP/MD5 with Win XP.  I've been using the
4/23/2002 CVS snapshot.

Artur Hecker wrote:

> hi
>
> >   No, the problem is in the server.  If you have
> > time/interest/whatever, you can try tracking down exactly what
> > attributes are added to the list of config items, and when.
>
> I have both :) I will try... I think it would be better to try the
> newest snapshot first... Then: question to the list - DOES ANYBODY HAVE
> EAP/MD5 WORKING? Could you provide me your configuration details in that
> case? Any tricks?
>
> >   Once the 'users' file adds the User-Password attribute properly,
> > then the EAP module should be able to find it.  However, this may
> > require breaking backwards compatibility a bit.  That doesn't bother
> > me too much, though.
>
> Ok, where should I begin?
>
> artur
>
> --
> Artur Hecker Groupe Accès et Mobilité
> hecker[at]enst[dot]fr Département Informatique et Réseaux
> +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.fr  ENST Paris
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-17 Thread Raghu


Artur Hecker wrote:
> 
> hi
> 
> first of all thanks for support. second: nope, it didn't help :(
> 
> > Try Auth-Type := EAP and remove eap in the authorize
> > and check if it works.
> 
> That is even worth. Then the eap-mod says that it can't find neither
> Username nor password.
> 
> 
This is even strange. Can you post the logs for this.


> > or try eap as the last one in the above authorize block.
> 
> Which changed nothing, sorry...
> 
> > The problem is that the configured User-Password is never picked
> > into the REQUEST->config_items VALUE_PAIR.
> 
> Yes, evidently the password is not given to the module for validation...
>

It looks like a configuration issue.
If you can post your Users file, radiusd.conf and the corresponding
logs,
It would certaily help us to locate the problem.

-Raghu

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-17 Thread Artur Hecker


hi


>   No, the problem is in the server.  If you have
> time/interest/whatever, you can try tracking down exactly what
> attributes are added to the list of config items, and when.

I have both :) I will try... I think it would be better to try the
newest snapshot first... Then: question to the list - DOES ANYBODY HAVE
EAP/MD5 WORKING? Could you provide me your configuration details in that
case? Any tricks?


>   Once the 'users' file adds the User-Password attribute properly,
> then the EAP module should be able to find it.  However, this may
> require breaking backwards compatibility a bit.  That doesn't bother
> me too much, though.

Ok, where should I begin?

artur


-- 
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr Département Informatique et Réseaux
+33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-17 Thread Alan DeKok

Artur Hecker <[EMAIL PROTECTED]> wrote:
> > The problem is that the configured User-Password is never picked
> > into the REQUEST->config_items VALUE_PAIR.
> 
> Yes, evidently the password is not given to the module for validation...
> 
> What should I do? tcpdump?

  No, the problem is in the server.  If you have
time/interest/whatever, you can try tracking down exactly what
attributes are added to the list of config items, and when.

  Once the 'users' file adds the User-Password attribute properly,
then the EAP module should be able to find it.  However, this may
require breaking backwards compatibility a bit.  That doesn't bother
me too much, though.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

2002-05-17 Thread Artur Hecker


hi

first of all thanks for support. second: nope, it didn't help :(


> Try Auth-Type := EAP and remove eap in the authorize
> and check if it works.

That is even worth. Then the eap-mod says that it can't find neither
Username nor password.

 
> or try eap as the last one in the above authorize block.

Which changed nothing, sorry...


> The problem is that the configured User-Password is never picked
> into the REQUEST->config_items VALUE_PAIR.

Yes, evidently the password is not given to the module for validation...

What should I do? tcpdump?


Thanks

artur

-- 
Artur Hecker Groupe Accès et Mobilité
[EMAIL PROTECTED]Département Informatique et Réseaux
+33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

Re: Cisco 340 & WinXP

8 matches

Site Navigation

Mail list logo

Footer information