Re: Windows XP keeps "verifying identity"
"Klaas De Craemer" <[EMAIL PROTECTED]> wrote: > Below is RASTLS.LOG and EAPOL.LOG, which I believe are the most important. > I can't find any apparent error in it though, it just keeps repeating > the same request over and over again... Any ideas? Errors follow: > [872] 11:24:14:815: SecurityContextFunction > [872] 11:24:14:815: InitializeSecurityContext returned 0x80090327 > [872] 11:24:14:815: State change to RecdFinished. Error: 0x80090327 That looks like an error to me. The previous packet it received was: > [872] 11:24:14:815: >> Received Request (Code: 1) packet: Id: 4, > Length: 587, Type: 13, TLS blob length: 1601. Flags: L You can correlate that information with the FreeRADIUS debug logs to see what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows XP keeps "verifying identity"
Klaas De Craemer wrote:
> Do you mean the so-called "xpextensions" (1.3.6.1.5.5.7.3.2 for the client and .1 for the server)? I have used them to generate the certificates...

Since the client is stopping, and you say you have the OIDs, you'll have to debug the client. Try:

netsh ras set tracing * enabled

...and then look for the relevant logs in c:\windows\whereverthehelltheygo
Re: Windows XP keeps "verifying identity"
Garber, Neal wrote:
>> Sending Access-Challenge of id 15 to 127.0.0.1:1027
>> rad_recv: Access-Request packet from host 127.0.0.1:1027, id=0, length=159
> It's receiving the request from a loopback address. Is the client the same machine as the FreeRadius server? Are you really connecting to an Access Point? If so, what is its IP address?

That's the EAP inner request. It's proxied internally to FreeRadius, and 127.0.0.1 is just put in there to fill the IP address in.
RE: Windows XP keeps "verifying identity"
> Sending Access-Challenge of id 15 to 127.0.0.1:1027
> rad_recv: Access-Request packet from host 127.0.0.1:1027, id=0, length=159

It's receiving the request from a loopback address. Is the client the same machine as the FreeRadius server? Are you really connecting to an Access Point? If so, what is its IP address?
RE: Windows XP keeps "verifying identity"
uth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "tls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/server_key.pem"
tls: certificate_file = "/etc/freeradius/certs/server_cert.pem"
tls: CA_file = "/etc/freeradius/certs/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/etc/freeradius/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

==

make appropriate changes in radiusd.conf & eap.conf for the authentication method you want to use

Pradeep

--
Message: 3
Date: Sat, 8 Jul 2006 15:27:31 +0200
From: "Klaas De Craemer"
Subject: Re: Windows XP keeps "verifying identity"
To: freeradius-users at lists.freeradius.org
Message-ID: >
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Ow, I forgot to say that I'm trying to use EAP-TLS...

2006/7/8, Klaas De Craemer
...
Re: Windows XP keeps "verifying identity"
make appropriate changes in radiusd.conf & eap.conf for the authentication method you want to use

Pradeep

--
Message: 3
Date: Sat, 8 Jul 2006 15:27:31 +0200
From: "Klaas De Craemer" <[EMAIL PROTECTED]>
Subject: Re: Windows XP keeps "verifying identity"
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Ow, I forgot to say that I'm trying to use EAP-TLS...

2006/7/8, Klaas De Craemer <[EMAIL PROTECTED]>
...
---
End of Freeradius-Users Digest, Vol 15, Issue 23
Re: Re: Windows XP keeps "verifying identity"
Do you mean the so-called "xpextensions" (1.3.6.1.5.5.7.3.2 for the client and .1 for the server)? I have used them to generate the certificates...

> "Klaas De Craemer" wrote:
>> I have been trying to set up an Access Point on a soekris-board for some days now, but I keep getting stuck. The certificates are all in place, Freeradius starts up nicely, hostapd seems to work... But the trouble starts in Windows XP SP2: When I try to associate with the AP, it keeps sitting in an "Attempting Verification"-loop.
>
> You don't have the Microsoft OIDs in the server certificate. See the documentation for details.
>
> Alan DeKok.
Re: Windows XP keeps "verifying identity"
"Klaas De Craemer" <[EMAIL PROTECTED]> wrote: > I have been trying to set up an Access Point on a soekris-board for > some days now, but I keep getting stuck. The certificates are all in > place, Freeradius starts up nicely, hostapd seems to work... But the > trouble starts in Windows XP SP2: When I try to associate with the AP, > it keeps sitting in a "Attempting Verification"-loop. You don't have the Microsoft OID's in the server certificate. See the documentation for details. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Windows XP keeps "verifying identity"
Ow, I forgot to say that I'm trying to use EAP-TLS...

2006/7/8, Klaas De Craemer <[EMAIL PROTECTED]>
...