Need help setting up PEAP authentication

[Stefan Winter]

Hi,

> I'm trying to setup freeradius to authenticate users of my wireless
> networks and I'm facing some problems. I've tried to follow the guide
> located at http://www.tldp.org/HOWTO/8021X-HOWTO/ , which explains
> exactly the setup I would like (that is, authentication with username /
> password credentials).

Fair enough, a common thing to do.

> So I've setup freeradius like explained (I've already have everything
> needed for ssl, CA root certificate and server certificate), and I've
> configured my access point to use my radius server.

Great.

> So when I try to login, for example with wpa_supplicant, it tolds me
> that authentication with MSCHAPv2 went ok, and then 30 seconds later it
> says "Authentication timed out", and it tries to re authenticate. So I'm
> able to use my wireless network 30 seconds only (for example if I start
> up a dhcp client then I get an IP) before I'm re authenticated.
>
> I've also tried with a Windows XP client, and it continues asking me my
> credentials.

You did think of adding the Microsoft TLS Web Server Authentication OID?

> Here is what is displayed in the logs (without verbose mode):
> Error:     TLS_accept:error in SSLv3 read client certificate A
> Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
> Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
> Info: rlm_eap_mschapv2: Issuing Challenge

Which is completely useless for debugging. This is *normal* with PEAP. If you 
want people here to help, you should do as the FAQ tells you and send a 
*complete* *debug* log.

> So does someone have a working freeradius configuration to share with me
> ? Or some tips to get it working ?

I would exchange tipps for a decent debug log.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche - Ingénieur de recherche

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg