Re: TTLS Configuration

2003-09-23 Thread Alan DeKok
Nixon, Anthony S. [EMAIL PROTECTED] wrote:
> I have successfully implemented TTLS using Funk's client and the latest
> snapshot of FreeRadius (excellent work).  I first had to get TLS working,
> which has great documentation on the web, and finally TTLS w/ md5.  I have
> two questions - 1) Does the client require just the root CA from the radius
> server when using TTLS, or are client certs still necessary?

  The client certificates are NOT necessary in TTLS.

> 2) I am having a problem getting the client to pick up a DHCP
> address now.  I had no problem when using just EAP-MD5, but now am
> having trouble.  Is there an issue with TTLS and DHCP, or is this a
> RADIUS issue?

  I'm not sure.  If the client is doing DHCP after TTLS
authentication, then it should work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: TTLS Configuration

2003-09-23 Thread Nixon, Anthony S.
Thanks for the reply Alan.  I have since changed back to WEP and have no
problems obtaining an address.  I have changed it back to RADIUS+WEP on the
Linksys.  Funk client shows open and authenticated using TTLS w/ MD5.  I try
to perform an ipconfig /renew but end up getting a network unreachable
error.  Anything I can do to try and solve this mystery?


Thanks - Shon




This message, including any attachments, is intended only for the use of the
addressee and contains information that is PRIVILEGED and CONFIDENTIAL.  It
may be used only by the addressee and may not be divulged without the
express consent of the sender.  If you have received this communication in
error, please erase all copies of the message and its attachments and notify
us immediately.  Thank you.




Re: TTLS Configuration

2003-09-23 Thread Alan DeKok
Nixon, Anthony S. [EMAIL PROTECTED] wrote:
> Thanks for the reply Alan.  I have since changed back to WEP and have no
> problems obtaining an address.  I have changed it back to RADIUS+WEP on the
> Linksys.  Funk client shows open and authenticated using TTLS w/ MD5.  I try
> to perform an ipconfig /renew but end up getting a network unreachable
> error.  Anything I can do to try and solve this mystery?

  I would suggest configuring with a static IP address.  I've heard of
other AP's having similar problems with other RADIUS servers, so it's
not just FreeRADIUS.

  Alan DeKok.



RE: TTLS Configuration

2003-09-23 Thread Nixon, Anthony S.
Thanks again Alan.  I have added a static ip to the adapter and still no
joy.  This is looking like the AP is not passing the traffic.  I do have
good authentication from the radius server using TTLS w/ MD5.  So I agree
with you - not FreeRADIUS, but a bad AP.  This was Linksys's first pass at
a firmware upgrade to 11g standards, so I guess it will take a while to get
it fixed :(  Anyone tried this with another brand of AP and have it working
with DHCP?  I have a D-Link 11g AP on the way to test, so hopefully they
will work better.

Thanks - Shon

BTW, I used just openssl-0.9.7b exclusively for everything - cert
generation, compiling - everything.  Is that an issue?  If the server/client
are authenticating, would that not point to it working (Win2K w/ Funk
Odyssey 2.22)?  Also would copy_request_to_tunnel and use_tunneled_reply =
no have an effect?

Thanks - Shon




Re: TTLS Configuration

2003-09-23 Thread Fastbyte
Hi Shon, we are having the same problems. Which AP are you using?


--

---
Regards, MfG, Dist.Saluti,
Sergio - Srdjan Vemic, CEO
Chief Executive Office, FutureBrain
[EMAIL PROTECTED]

+-+
| FutureBrain GmbH/Srl,Via Palade 97/u,I-39012 Merano(BZ),Italy   |
| Phone: +390473201457, Fax: +390473201437, Cell.: +393356057014  |
| [EMAIL PROTECTED],   w w w . f u t u r e b r a i n . i t  |
+-+




RE: TTLS Configuration

2003-09-23 Thread Nixon, Anthony S.
Linksys WAP54G with 1.08.04 firmware.  I am working with the folks at Funk
to try and solve this - FreeRADIUS rocks to high heaven.  I now have a TTLS
server up and running and plan to actually make it - no don't say it! -
production - YES - as soon as I get this issue fixed.  Have a couple of Dell
server blades waiting for the install.  Great work guys.

Thanks - Shon
