I can see from searching the mailing list that this has been asked many
times, but what I can't seem to locate are config examples or a good howto
on setting everything up.
I have the radius server set up -- and it appears to work on, but I am not
sure what I am lacking/doing wrong on the AP.
I
Here's a config template I use for Cisco 1120 AP's.Try this and see
if it works for you.
!#
! Basic config template for Cisco IOS Access Points
! 4/20/2004 - BDM - I've tested it with 1120's but should work with
1200's
Corp.
http://www.esnet.com
813.301.2620 (o)
813.545.7373 (c)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 2:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Here's a config
Clayton Dukes [EMAIL PROTECTED] wrote:
I'm connecting now but getting an Auth failure.
You are setting Auth-Type := LDAP somewhere. Don't do that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
http://www.esnet.com
813.301.2620 (o)
813.545.7373 (c)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 2:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Here's a config
Well, I want that -- can I not use LDAP to authenticate the users?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, April 23, 2004 3:18 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 3:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
I don't know much about the the LDAP module, but it sure looks like it's not
returning a password
Solutions Corp.
http://www.esnet.com
813.301.2620 (o)
813.545.7373 (c)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 2:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP
]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, April 23, 2004 3:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton Dukes [EMAIL PROTECTED] wrote:
Well, I want that -- can I not use LDAP to authenticate the users?
No.
The packet
: Friday, April 23, 2004 4:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
WinXP doesn't pop up a dialog box asking for your username
and password?
On Apr 23, 2004, at 2:22 PM, Clayton Dukes wrote:
As far as I can tell, the username is getting
Clayton Dukes [EMAIL PROTECTED] wrote:
Hmmm, I believe that is what I have done.
shrug Nothing in the default configuration of the server sets
Auth-Type to LDAP. So you must have edited something to set it in
your local system.
a) find out what you edited
b) look at the debug trace to
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 3:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
WinXP doesn't pop up a dialog box asking for your username and
password?
On Apr 23, 2004, at 2:22 PM, Clayton
On Fri, 2004-04-23 at 16:17, Clayton Dukes wrote:
Well, I want that -- can I not use LDAP to authenticate the users?
Read up on the difference between Authorize and Authenticate. You want
to use LDAP for the former, not the latter. Once you understand that,
Alan's emails will start making
}
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, April 23, 2004 3:42 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton Dukes [EMAIL PROTECTED] wrote:
Hmmm, I believe that is what I have
Clayton Dukes [EMAIL PROTECTED] wrote:
Sorry, I must have misunderstood. Forgive me...If I turn off LDAP in the
authenticate section,
Did I say to do that? No. Go back and read what I said.
If you're retrieving passwords from the LDAP directory, then setting
Auth-Type := LDAP is not only
Finished request 4
Going to the next request
Waking up in 6 seconds...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, April 23, 2004 4:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP
Finished request 4
Going to the next request
Waking up in 6 seconds...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, April 23, 2004 4:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton
Well poop...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 5:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
If your not getting an IP it's still not working
Clayton Dukes [EMAIL PROTECTED] wrote:
Well, I have it working, at least it appears to be, but I am still not
getting an ip on the laptop -- do I need to pass the dhcp server somewhere?
No. The client should send a broadcast DHCP request, and the dhcp
server should pick that up.
Alan
...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bob
McCormick
Sent: Friday, April 23, 2004 5:10 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
If your not getting an IP it's still not working... The only times
I've had
PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton Dukes [EMAIL PROTECTED] wrote:
Well, I have it working, at least it appears to be, but I am still not
getting an ip on the laptop -- do I need to pass the dhcp server
somewhere?
No. The client should send a broadcast DHCP
: Friday, April 23, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton Dukes [EMAIL PROTECTED] wrote:
Well, I have it working, at least it appears to be, but I am still not
getting an ip on the laptop -- do I need to pass the dhcp server
somewhere
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, April 23, 2004 5:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 1100 AP and XP Client using tls (PEAP)
Clayton Dukes [EMAIL PROTECTED] wrote:
Well, I have it working, at least it appears to be, but I am
:[EMAIL PROTECTED] On Behalf Of Clayton
Dukes
Sent: Friday, April 23, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1100 AP and XP Client using tls (PEAP)
Here's my latest error...
TLS_accept:error in SSLv3 read client certificate A
Did I screw up the certificates?
-Original Message
: Cisco 1100 AP and XP Client using tls (PEAP)
If it's working you should get something like this at the end of the
debugs:
modcall: group authenticate returns ok for request 8 Sending Access-Accept
of id 47 to 10.140.24.12:21666
Session-Timeout := 300
MS-MPPE-Recv-Key
)
813.545.7373 (c)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Clayton
Dukes
Sent: Friday, April 23, 2004 6:11 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 1100 AP and XP Client using tls (PEAP)
Here's my latest error...
TLS_accept:error in SSLv3 read
26 matches
Mail list logo