Re: EAP + Windows2000
import the server certificate to your windows machine and take a look at it. is there the necessary extension? is it expired? is there the private key included? is the cert issued and signed by something known to the win client? be creative. ciao artur David Baer wrote: > > Thanks for your help, but it won't still authenticate if the "Validate Server > Certificate" is checked... > > David > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP + Windows2000
a stupid question but you didn't explicitly mentioned it: did you install the Win2k 802.1X client from MS? the support for 802.1X is not natively available in Win2k ciao artur Nadeem Akhtar wrote: > > Hi, > I'm trying to set up eap-tls based authentication between a wireless > client (Windows 2000) and a Cisco Aironet 350 AP. I've installed > certificates in the client and a RADIUS server is also up and running. The > problem is that the client is not authenticated. I used Ethereal to > capture packets on the client wireless interface and I can see the > 'Request, identity' EAP packet from the AP but there is no response from > the client! Can anyone tell me how to debug this problem or any other > leads on this. > > Regards, > Nadeem > > Nadeem Akhtar > Centre for Comm. Systems Research > University of Surrey > Guildford, Surrey GU2 7XH > United Kingdom > > Tel (CCSR) : 01483-683605 > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP + Windows2000
Thanks for your help, but it won't still authenticate if the "Validate Server Certificate" is checked... David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP + Windows2000
Nadeem, Also, make sure that the firmware on your client cards is version 4.25 or later and the firmware on you AP is version 11.06 or later. This will ensure that Draft 10 of the 802.1x protocol can be used by both the client and AP. Cheers, Philip Blow Senior Technical Manager Simply Wireless [EMAIL PROTECTED] -Original Message- From: Nadeem Akhtar [mailto:[EMAIL PROTECTED]] Sent: Thursday, 13 February 2003 6:38 AM To: [EMAIL PROTECTED] Subject: EAP + Windows2000 Hi, I'm trying to set up eap-tls based authentication between a wireless client (Windows 2000) and a Cisco Aironet 350 AP. I've installed certificates in the client and a RADIUS server is also up and running. The problem is that the client is not authenticated. I used Ethereal to capture packets on the client wireless interface and I can see the 'Request, identity' EAP packet from the AP but there is no response from the client! Can anyone tell me how to debug this problem or any other leads on this. Regards, Nadeem Nadeem Akhtar Centre for Comm. Systems Research University of Surrey Guildford, Surrey GU2 7XH United Kingdom Tel (CCSR) : 01483-683605 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP + Windows2000
David, Have a look at Ken Roser's HOW-TO (http://www.freeradius.org/doc/EAPTLS.pdf) This how-to is very good and also shows how to open the Certificates MMC plug-in. Then select "Edit Properties..." from the Details tab of the client certificate and ensure that only the "Client Authentication" property is selected. Cheers, Philip Blow Senior Technical Manager Simply Wireless [EMAIL PROTECTED] -Original Message- From: David Baer [mailto:[EMAIL PROTECTED]] Sent: Thursday, 13 February 2003 12:28 PM To: [EMAIL PROTECTED] Subject: Re: EAP + Windows2000 Hi Philip, On Thursday 13 February 2003 10:18, Philip Blow wrote: > Nadeem, > > Does your set up work for Windows XP clients? I would try that first. > > Then, check that client certificate you are using only has the "Client > Authentication" Enhanced key usage property selected. I had to do this > to get EAP to work under Windows XP and 2000. How did you specify this "Client Authentication" Enhanced key usage property? Cheers, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP + Windows2000
Hi Philip, On Thursday 13 February 2003 10:18, Philip Blow wrote: > Nadeem, > > Does your set up work for Windows XP clients? I would try that first. > > Then, check that client certificate you are using only has the "Client > Authentication" Enhanced key usage property selected. I had to do this > to get EAP to work under Windows XP and 2000. How did you specify this "Client Authentication" Enhanced key usage property? Cheers, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP + Windows2000
Nadeem, Does your set up work for Windows XP clients? I would try that first. Then, check that client certificate you are using only has the "Client Authentication" Enhanced key usage property selected. I had to do this to get EAP to work under Windows XP and 2000. Also try another client card. I have had this working on Windows 2000 with both LinkSys And NetGear client cards. Philip Blow Senior Technical Manager Simply Wireless [EMAIL PROTECTED] > -Original Message- > From: Nadeem Akhtar [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 13 February 2003 6:38 AM > To: [EMAIL PROTECTED] > Subject: EAP + Windows2000 > > > > Hi, > I'm trying to set up eap-tls based authentication between a wireless > client (Windows 2000) and a Cisco Aironet 350 AP. I've installed > certificates in the client and a RADIUS server is also up and running. The > problem is that the client is not authenticated. I used Ethereal to > capture packets on the client wireless interface and I can see the > 'Request, identity' EAP packet from the AP but there is no response from > the client! Can anyone tell me how to debug this problem or any other > leads on this. > > Regards, > Nadeem > > > > > Nadeem Akhtar > Centre for Comm. Systems Research > University of Surrey > Guildford, Surrey GU2 7XH > United Kingdom > > Tel (CCSR) : 01483-683605 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html