Hello Everyone! I have FreeRADIUS up and running and authenticating users who dial up into our network. FreeRADIUS is working perfectly for that purpose.
I am now trying to configure FreeRADIUS to also authenticate my wireless users who connect to a Linksys WAP54G Wireless Access Point. I have configured the Linksys to authenticate against my FreeRADIUS server using WPA. FreeRADIUS does get the authentication requests, but it seems that I've done something wrong and the requests are not being authenticated properly. Here's what I get in my FreeRADIUS log: Fri Mar 4 13:11:11 2005 : Auth: Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client wireless.meitech.com port 9 cli 000b7d0fa264) Fri Mar 4 13:11:41 2005 : Info: rlm_eap_tls: Length Included Fri Mar 4 13:11:41 2005 : Error: TLS_accept:error in SSLv3 read client certificate A Fri Mar 4 13:11:41 2005 : Info: rlm_eap_tls: Length Included Fri Mar 4 13:11:41 2005 : Info: (other): SSL negotiation finished successfully Fri Mar 4 13:11:41 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK message Fri Mar 4 13:11:41 2005 : Auth: Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client localhost port 0) Fri Mar 4 13:11:41 2005 : Auth: Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client wireless.meitech.com port 9 cli 000b7d0fa264) Why is there no username attribute? I have configured the Windows XP workstation to use PEAP and it asks me for my login name and password, which I entered, but it seems that the password attribute is not being sent to FreeRADIUS, or maybe it's being sent in a way that FreeRADIUS isn't understanding? I have attached my radiusd.conf file to this e-mail as well, in case anyone wants to review it. PS - I generated the certificates I'm using for eap/tls authentication using OpenSSL for the purposes of having my own "in-house" CA, which allows my to issue certificates to customers and employees as I need to. I figured it was best to use the same certificates for my wireless authentication, no? My wireless users are connecting using login names and passwords, not certificates, but I think that eap needs certificates anyhow, correct? Tim Gustafson MEI Technology Consulting, Inc [EMAIL PROTECTED] (516) 379-0001 Office (516) 480-1870 Mobile/Emergencies (516) 908-4185 Fax http://www.meitech.com/
radiusd.conf
Description: Binary data
smime.p7s
Description: S/MIME cryptographic signature