PEAP problems, never see an Access-Accept
Jorgen Rosink
jrosink at gmail.com
Fri Feb 3 03:34:30 CET 2006
On 2/3/06, Alan DeKok <aland at ox.org> wrote:
> Jorgen Rosink <jrosink at gmail.com> wrote:
> > Had a hard time to even start FreeRadius on my Debian Unstable system
> > with a working PEAP module (yes, I'm aware of OpenSSL licences and
> > eap_tls / eap_peap linking problems with Debian, _now_ ;-) ) I'm
> > currently using the 20060202-snapshot. With this version (also tried
> > 20060130, same behaviour) I'm able to create PEAP enabled Debian
> > packages, after manually editing. the pcap section in the main
> > Makefile.
>
> I'd suggest using 1.1.0, unless you're willing to work with an
> unstable vesion of FreeRADIUS.
I'd like to, but I'm unable to build working Debian packages with both
the official source 1.1.0 and the Debian upstream one (override
libssl-dev build conflict). The symlinks in my Freeradius libdir for
both eap_tls & eap_peap are invalid with this version (1.0.5 also
failed).
>From what I understand this should be fixed in 1.1.0, but as mentioned
earlier, the latest snapshots are the only ones working here, with
PEAP that is.
>
> > The problem now is that I'm trying to authenticate a default WindowsXP
> > SP2 supplicant (ipw2200 nic) with PEAP, mschapv2 and a HP ProCurve
> > 520WL Access Point in 802.1x mode (latest firmware). Below my
> > FreeRadius startup and a attempt to authenticate, could someone please
> > point me in a direction what's going on, I've no clue what's wrong...
>
> The symptom that Windows stops talking to the RADIUS server usually
> means that the server certificate doesn't contain the magic windows
> OID's. See the scripts/ directory for samples of how to create certs
> with the right stuff.
That did the trick, thank you very much!!!
More information about the Freeradius-Users
mailing list