(SOLVED) Re: PEAP or TTLS and Microsoft Vista.

Lech Karol Pawłaszek ike at szluug.org
Thu Jul 24 15:55:45 CEST 2008


Phil Mayers wrote:
> Lech Karol Pawłaszek wrote:
>> SecureW2 (List) wrote:
>>> http://msdn.microsoft.com/en-us/library/aa813696(VS.85).aspx
>>
>> Nice article. However I don't understand a few things. What's "pdb
>> <pdbpath>"? I'm not good at Windows.
> 
> Good lord... they've made the EAP logging *worse*. I didn't think that 
> was possible.

:-)

[...]
> So, all is good. But about 5 seconds later:
> 
> [2108] 12:04:03.819 OneXIndicatePacket
> [2108] 12:04:03.819 Port(38): Received an Eap packet length=5, 
> type=EapRequestId, identifier=11, eapType=0
> <snip>
> [4924] 12:04:03.820 Port(38): Restarting authentication due to reason = 
> PeerInitiated
> 
> similarly in eaphost.txt:
> 
> [3432] 12:04:03.831 Received an identity request packet without an 
> active session - restart auth
> 
> Are you sure the problem is what you think it is?

Ok. You rock. It's 3com's fault. At least I believe so. I've upgraded 
3com 4500 switch firmware to the newest version on my test switch and 
when "user handshaking" is disabled everything works.

FWIW the previous firmware (which I use on production atm) doesn't have 
an option to disable user handshaking. Pity.

And to be clear - ALL OTHER OSes (namely MacOsX 10.4 Tiger, MacOsX 10.5 
Leopard, GNU/Linux <<a few ubuntu, fedora and debian systems>> and MS 
Windows XP <<excluding SP3>>) work with this feature enabled.

[...]
> Can you get a trace from both the windows machine and FreeRadius run 
> under "-X" at the *same time*? The "freeradius.log" in your original 
> email does not appear to be the same issue - that looks more like there 
> are no compatible EAP types at both ends.

Hm. The original "freeradius.log" contains logs when I tried to 
authenticate using Vista's built-in PEAP supplicant. Which - I suppose - 
says that Vista doesn't like my certificate.

OTOH "freeradius-securew2.log" contains logs when I tried to use 
secureW2 EAP suite which showed server-side of this issue. I was able to 
connect. Work for a minute or so. And suddenly... switch sends 
'handshake packet' which confuses Vista... and connection is dropped.

Anyway. Thanks everyone for help. I'll do some more testing and try to 
update firmware on production. I'll let you know if everything is ok.

Kind regards,

-- 
Lech Karol Pawłaszek <ike>
"You will never see me fall from grace" [KoRn]
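
An added example, not part of the original post: a small Python scan of a Vista 802.1X trace for the pattern diagnosed above, an identity request (`EapRequestId`) followed almost immediately by an authentication restart on the same port. The function names, the 100 ms window and the sample text are assumptions; the sample is constructed in the format of the trace lines quoted in the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the trace lines quoted above
# (mail-wrapped and ">"-quoted, as they would be pasted from a list post).
SAMPLE = """\
> [2108] 12:04:03.819 OneXIndicatePacket
> [2108] 12:04:03.819 Port(38): Received an Eap packet length=5,
> type=EapRequestId, identifier=11, eapType=0
> [4924] 12:04:03.820 Port(38): Restarting authentication due to reason =
> PeerInitiated
> [2108] 12:09:10.100 Port(38): Received an Eap packet length=5,
> type=EapRequestId, identifier=12, eapType=0
"""

ENTRY = re.compile(r"^\[(\d+)\] (\d\d:\d\d:\d\d\.\d{3}) (.*)$")
REQ_ID = re.compile(r"Port\((\d+)\): Received an Eap packet .*type=EapRequestId, identifier=(\d+)")
RESTART = re.compile(r"Port\((\d+)\): Restarting authentication due to reason = (\w+)")

def entries(text):
    """Strip quote markers, rejoin wrapped lines, yield (time, message)."""
    joined = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if ENTRY.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += " " + line  # continuation of a wrapped entry
    for line in joined:
        m = ENTRY.match(line)
        if m:
            yield datetime.strptime(m.group(2), "%H:%M:%S.%f"), m.group(3)

def find_restarts(text, window_ms=100):
    """Return (port, identifier, reason) for each Request-Identity that is
    followed by an authentication restart on the same port within window_ms."""
    pending, hits = {}, []
    for ts, msg in entries(text):
        if (m := REQ_ID.search(msg)):
            pending[m.group(1)] = (ts, int(m.group(2)))
        elif (m := RESTART.search(msg)) and m.group(1) in pending:
            seen, ident = pending.pop(m.group(1))
            if ts - seen <= timedelta(milliseconds=window_ms):
                hits.append((int(m.group(1)), ident, m.group(2)))
    return hits
```

Run over a trace captured at the same time as the server's debug output, each hit gives a timestamped port and EAP identifier to look up on the server side.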



More information about the Freeradius-Users mailing list