EAP/TLS DLINK DWL-2000AP+ Setup Problem XP Client

2005-08-17 Thread Ceyhun K
Hi,

I've set up eap/tls with freeradius in my network.
I'm using certificates signed by a private CA.

Here is my problem:

When I check "validate server certificate" in the client's connection
properties, radius sends an access challenge and nothing happens:

Sending Access-Challenge of id 3 to 192.168.145.13:1812
EAP-Message = 0x010400350d80002b14030100010116030100209e7c62b412a95e4583fd662183c3cfd5ff3aa01d4cf27de813dc6cc9b040fc78
Message-Authenticator = 0x
State = 0xf48deff8e489ad47d9acb4c64dc756f4

With box unchecked, everything seems to be ok in freeradius logs.
But just after Access-Accept packet, AP reboots and client connection dies.



Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3 
  eaptls_process returned 3 
  rlm_eap: Freeing handler
  modcall[authenticate]: module eap returns ok for request 26
modcall: group authenticate returns ok for request 26
Sending Access-Accept of id 10 to 192.168.145.13:1812
MS-MPPE-Recv-Key = 0x7ace5e49f382cd4ad52cbef684f2380b2d9982659a2779ca55e3e7f243277363
MS-MPPE-Send-Key = 0xa44f01b3c2487c7ac23853a6b1c9fb645f3cf9780ed791d772bf639eb8dc6f63
EAP-Message = 0x03040004
Message-Authenticator = 0x
User-Name = wireless-12
Finished request 26 


I'm confused, where to find error?
My AP HW, freeradius configuration, or certificate stuff.

Please guide me.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
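
For reading EAP-Message values like the ones in the debug output above, here is an added example (not part of the original post and not FreeRADIUS code): a small decoder for the EAP header, the EAP-TLS flags and the TLS record headers, following RFC 3748 and RFC 5216. The sample request is constructed; `0x03040004` is the value from the Access-Accept above. It assumes the whole EAP packet is in one hex string and is not fragmented.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
EAP_TYPE_TLS = 13

def decode_eap_message(hexstr):
    """Decode one EAP-Message hex value (RFC 3748 header, RFC 5216 EAP-TLS body)."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):  # truncated capture or attribute not reassembled
        raise ValueError(f"EAP length field says {length}, got {len(raw)} bytes")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (3, 4):  # Success/Failure carry no type or data
        return out
    if length < 5:
        raise ValueError("Request/Response is missing the type byte")
    out["type"] = raw[4]
    if raw[4] != EAP_TYPE_TLS or length < 6:
        return out
    flags, pos = raw[5], 6
    out["flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40), "S": bool(flags & 0x20)}
    if flags & 0x80:  # L bit: 4-byte total TLS message length follows
        if len(raw) < 10:
            raise ValueError("L flag set but TLS message length is missing")
        out["tls_message_length"] = struct.unpack("!I", raw[6:10])[0]
        pos = 10
    out["records"] = []
    while pos + 5 <= len(raw):  # TLS record header: type, version, length
        ctype, major, minor, rlen = struct.unpack("!BBBH", raw[pos:pos + 5])
        out["records"].append((TLS_RECORDS.get(ctype, ctype), f"{major}.{minor}", rlen))
        pos += 5 + rlen
    return out

# Constructed sample: Request id 4 carrying ChangeCipherSpec plus a 32-byte
# encrypted handshake record (zero bytes stand in for the ciphertext).
tls = bytes.fromhex("140301000101") + bytes.fromhex("1603010020") + bytes(32)
body = bytes([EAP_TYPE_TLS, 0x80]) + struct.pack("!I", len(tls)) + tls
SAMPLE_HEX = "0x" + (struct.pack("!BBH", 1, 4, 4 + len(body)) + body).hex()

if __name__ == "__main__":
    print(decode_eap_message(SAMPLE_HEX))
    print(decode_eap_message("0x03040004"))  # EAP-Message from the Access-Accept above
```

A value whose byte count does not match its EAP length field raises `ValueError` instead of being decoded into misleading records.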


[ntlm_auth problem with peap] Some users are authenticated some are not

2005-07-29 Thread Ceyhun K
Hi,

I've set up freeradius 1.0.4 for authenticating wireless users.
I use peap authentication with ntlm_auth.
The setup works fine for most of the users.
My ntlm auth command from radiusd.conf is as follows:
ntlm_auth = /usr/local/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}

Some users' authentication is rejected with a Logon failure (0xc06d) error.
I tried Radius exec--program on the command line; it didn't work either.
Same message ...

Problematic user's active directory authentication works fine for domain.
Perhaps it is a bug in ntlm_auth.

Any idea?
