xp sp3 and freeradius 2.0.5

Matt Ashfield mda at unb.ca
Tue Jul 8 15:59:19 CEST 2008


I'm seeing the same problems with Vista devices:

Sending Access-Accept of id 12 to 131.202.9.32 port 2048
        User-Name = "u3t98"
        Tunnel-Private-Group-Id:0 = "Academic"
        Tunnel-Type:0 = VLAN
        MS-MPPE-Recv-Key =
0xce1ea72659c68cceba45498192e03bbb73292f9cdc314bbdea6e5ede0302b86a
        MS-MPPE-Send-Key =
0xe2cafe2564df85dd04dddb4816c00c8afeea831cbbdb444b45789625771f6c9c
        EAP-Message = 0x03180004
        Message-Authenticator = 0x00000000000000000000000000000000

Even though I have MPPE disabled in FR:

mschap {
                #
                #  As of 0.9, the mschap module does NOT support
                #  reading from /etc/smbpasswd.
                #
                #  If you are using /etc/smbpasswd, see the 'passwd'
                #  module for an example of how to use /etc/smbpasswd

                # if use_mppe is not set to no mschap will
                # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
                # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
                #
                #use_mppe = no
                 use_mppe = no

Thoughts?


Matt Ashfield
mda at unb.ca


-----Original Message-----
From: freeradius-users-bounces+mda=unb.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+mda=unb.ca at lists.freeradius.org] On Behalf
Of SecureW2 (List)
Sent: Monday, July 07, 2008 10:58 AM
To: 'FreeRadius users mailing list'
Subject: RE: xp sp3 and freeradius 2.0.5

Dear Oxiel,

Are you using wired or wireless 802.1x?

I have been seeing issues on Windows XP SP3 WIRED 802.1X configurations when
the MPPE keys are being sent by the RADIUS server (which are not used in
(most) wired 802.1X setups): 

>Sending Access-Accept of id 8 to 192.168.100.245 port 5001
>        User-Name = "host/caja02.cosmart.bo"
>        MS-MPPE-Recv-Key =
0xbc92e431af5c7ffb4d5b7995391751603d37b0f0ff4b90fbfecd1785d2d987b9
>        MS-MPPE-Send-Key =
0x298436d731ecef7178d901f10b1654124cb4b52e1e1ed23fd33b1ec32476b480
>        EAP-Message = 0x03090004
>        Message-Authenticator = 0x00000000000000000000000000000000

If you are using wired try disabling the MPPE keys in Freeradius.

Regards,

Tom

> -----Oorspronkelijk bericht-----
> Van: freeradius-users-bounces+list=securew2.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+list=securew2.com at lists.freeradius.org]
> Namens Ivan Kalik
> Verzonden: maandag 7 juli 2008 15:32
> Aan: freeradius-users at lists.freeradius.org
> Onderwerp: Re: xp sp3 and freeradius 2.0.5
> 
> >Has anybody achieved to authenticate xp sp3 with default 802.1x client to
> freeradius ?
> 
> You!
> 
> >Sending Access-Accept of id 8 to 192.168.100.245 port 5001
> >        User-Name = "host/caja02.cosmart.bo"
> >        MS-MPPE-Recv-Key =
> 0xbc92e431af5c7ffb4d5b7995391751603d37b0f0ff4b90fbfecd1785d2d987b9
> >        MS-MPPE-Send-Key =
> 0x298436d731ecef7178d901f10b1654124cb4b52e1e1ed23fd33b1ec32476b480
> >        EAP-Message = 0x03090004
> >        Message-Authenticator = 0x00000000000000000000000000000000
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list