RE: 802.1x client question
I'm using securew2 for that... J. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Adam KOSA Verzonden: maandag 10 oktober 2005 22:09 Aan: freeradius-users@lists.freeradius.org Onderwerp: 802.1x client question Hi All, this question may be off-topic, but the windows list i was asking could not help. i set up a 802.1x wired authentication in an ethernet network, with all of the following: eap-tls, eap-md5, eap-peap, with freeradius. everything is working great except one thing: 2k and xp is not able to cache the authentication info. with the certificate, the most i could achieve that when logging on, the auth is automatic. but no network until i log on. this is not a radius problem, since the radius and the authentication process is working great. the reason i'm writing is maybe some of you have solved this problem and could help me please. how am i supposed to configure the client to remember the password? I'm open to any solution, even to forget eap-* and use something less secure. thanks Adam - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 802.1x client question
Am Montag, 10. Oktober 2005 22:08 schrieb Adam KOSA: Hi All, this question may be off-topic, but the windows list i was asking could not help. i set up a 802.1x wired authentication in an ethernet network, with all of the following: eap-tls, eap-md5, eap-peap, with freeradius. everything is working great except one thing: 2k and xp is not able to cache the authentication info. with the certificate, the most i could achieve that when logging on, the auth is automatic. but no network until i log on. this is not a radius problem, since the radius and the authentication process is working great. the reason i'm writing is maybe some of you have solved this problem and could help me please. how am i supposed to configure the client to remember the password? I'm open to any solution, even to forget eap-* and use something less secure. thanks Adam Forget M$. Windooze is not able to do authentication BEFORE logon. Only after logon the possibilty to authenticate to the network exists. So much to the logic of M$. Use some 3rd party tool. I had good experience with Meetinghouse 801.1x client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 802.1x client question
On 10/10/05, Michael Schwartzkopff [EMAIL PROTECTED] wrote: Am Montag, 10. Oktober 2005 22:08 schrieb Adam KOSA: Hi All, this question may be off-topic, but the windows list i was asking could not help. i set up a 802.1x wired authentication in an ethernet network, with all of the following: eap-tls, eap-md5, eap-peap, with freeradius. everything is working great except one thing: 2k and xp is not able to cache the authentication info.with the certificate, the most i could achieve that when logging on, the auth is automatic.but no network until i log on. this is not a radius problem, since the radius and the authentication process is working great.the reason i'm writing is maybe some of you have solved this problem and could help me please.how am i supposed to configure the client to remember the password?I'm open to any solution, even to forget eap-* and use something less secure. thanks AdamForget M$. Windooze is not able to do authentication BEFORE logon. Only afterlogon the possibilty to authenticate to the network exists. So much to the logic of M$.Use some 3rd party tool. I had good experience with Meetinghouse 801.1xclient.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Alan, maybethis behaviour is normal becauseyou want to use a user authentication (you should provide you username and you pwd). However, somewhere in the network card configuration there is a flag that looks like use computer name to authenticate that should be used when no username/pwd pairs are available. I hope this could help you. I'm trying to setup this environment (more or less) too, but I have found some problems in mschap module attempting to authenticate a wireless client using PEAP. Could you tell me something about the configuration you use? Thanks, Yuri - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 802.1x client question
Michael Schwartzkopff [EMAIL PROTECTED] wrote: Forget M$. Windooze is not able to do authentication BEFORE logon. Only after logon the possibilty to authenticate to the network exists. So much to the logic of M$. Apparently Samba 3.0.21 will contain patches to ntlm_auth that allow it to do machine authentication for PEAP sessions. I haven't tried it myself, but it might work. I *do* know that using EAP-TLS for machine authentication works, once the magic extended attribute is added. See scripts/xpextensions in the current CVS snapshots. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html