freeRADIUS and WPA-2 Enterprise

Ivan Kalik tnt at kalik.net
Sat May 17 01:03:47 CEST 2008


Go to 802.1x XP supplicant configuration. Below the box where you choose
between certificate and PEAP authentication is a button Properties.
Click on that and uncheck the Validate server certificate box.

Ivan Kalik
Kalik Informatika ISP


On 16/5/2008, "William E. Russell" <wrussell at incnetworks.com> wrote:

>All,
>
>We are trying to set up WPA2 Enterprise authentication to work with the
>FreeRadius server. We have configured EAP-PEAP authentication. We have
>installed all the certificates and corrected the EAP.conf certificate paths.
>We tried to connect from the supplicant from Windows XP. Windows asked for
>the login/password and this is the output of the radiusd -X. The user is
>configured in the users file. We couldn't see any error, however the
>authentication didn't succeed.
>
>Can anyone help?
>
>----------
>Listening on authentication address * port 1812
>Listening on accounting address * port 1813
>Listening on proxy address * port 1814
>Ready to process requests.
>        User-Name = "Sushil"
>        NAS-IP-Address = 172.27.10.54
>        Called-Station-Id = "001d7ef3e8d2"
>        Calling-Station-Id = "0019d24ee9a8"
>        NAS-Identifier = "001d7ef3e8d2"
>        NAS-Port = 15
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message = 0x0202000b0153757368696c
>        Message-Authenticator = 0x8ee1244bc3cdc5889f20f495cfb28373
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "Sushil", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>  rlm_eap: EAP packet type response id 2 length 11
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>    users: Matched entry Sushil at line 126
>++[files] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>+- entering group authenticate
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>++[eap] returns handled
>        EAP-Message = 0x010300061920
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xe5e45815e5e741bebb28e527c6b37a8d
>Finished request 0.
>Going to the next request
>Waking up in 4.9 seconds.
>Cleaning up request 0 ID 1 with timestamp +35
>Ready to process requests.
>        User-Name = "Sushil"
>        NAS-IP-Address = 172.27.10.54
>        Called-Station-Id = "001d7ef3e8d2"
>        Calling-Station-Id = "0019d24ee9a8"
>        NAS-Identifier = "001d7ef3e8d2"
>        NAS-Port = 15
>        Framed-MTU = 1400
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message = 0x0200000b0153757368696c
>        Message-Authenticator = 0xc7c1127b55267c9b175f4af387037759
>+- entering group authorize
>++[preprocess] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>    rlm_realm: No '@' in User-Name = "Sushil", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>++[suffix] returns noop
>  rlm_eap: EAP packet type response id 0 length 11
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns notfound
>    users: Matched entry Sushil at line 126
>++[files] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>rlm_pap: Found existing Auth-Type, not changing it.
>++[pap] returns noop
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>+- entering group authenticate
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>++[eap] returns handled
>        EAP-Message = 0x010100061920
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xabace459abadfd4a371c1e7c34cafda3
>Finished request 1.
>Going to the next request
>Waking up in 4.9 seconds.
>Cleaning up request 1 ID 1 with timestamp +144
>Ready to process requests.
>
>William E. W. Russell
>Member of Technical Staff (Software Development)
>198 Brighton Avenue
>Long Branch, New Jersey 07740
>Home #: 732-752-2037
>Cell #: 732-744-6483
>
>-----Original Message-----
>From: freeradius-users-bounces+wrussell=incnetworks.com at lists.freeradius.org
>[mailto:freeradius-users-bounces+wrussell=incnetworks.com at lists.freeradius.org]
>On Behalf Of A.L.M.Buxey at lboro.ac.uk
>Sent: Wednesday, May 14, 2008 2:11 PM
>To: FreeRadius users mailing list
>Subject: Re: freeRADIUS and WPA-2 Enterprise
>
>Hi,
>> All,
>>
>> I have recently set up a freeRADIUS v2 server and would like some help
>> configuring the server to use WPA-2 Enterprise. I was wondering if anyone
>> had any tutorials, .conf files, etc. that would assist me in setting up my
>> server with the correct configuration. I have noticed some help on the
>> Internet, but most of the help is directed towards freeRADIUS v1, so I need
>> v2-specific help. Thanks.
>
>a lot of the things regarding authorization, authentication,
>SQL and LDAP is true for v2 as it is for v1
>
>when you say 'set up a freeradius v2 server' what have you done?
>out of the box as a straight install, FR2 is ready to handle
>WPA2-enterprise.  all you need to do is install your own certs,
>or make the default ones longer lasting and suitable for you (by
>editing the server.cnf and client.cnf stuff and rerunning the
>bootstrap), then add NAS devices to clients.conf and ensure
>that the authentication you want to use is configured correctly.
>
>whatever you do, don't madly hack and edit down the default config files!
>
>alan
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>
>
>
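Decoding the EAP-Message values from the radiusd -X output quoted above, as an added example that is not part of the original thread or of FreeRADIUS: it parses the EAP header and the PEAP flags byte, then reports each server Start that the supplicant never answered. The function names and the client/server tagging of the sample are assumptions made for this illustration.

```python
import struct

# Constructed sample: the four EAP-Message values from the debug output above,
# tagged by direction (client = received request, server = reply sent).
SAMPLE = [
    ("client", "0x0202000b0153757368696c"),
    ("server", "0x010300061920"),
    ("client", "0x0200000b0153757368696c"),
    ("server", "0x010100061920"),
]

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # methods that start with a one-byte flags field


def decode_eap(hexstr):
    """Decode one complete EAP packet given as a hex string (optional 0x prefix).
    Packets split over several EAP-Message attributes must be joined first."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field %d != %d bytes present" % (length, len(raw)))
    pkt = {"code": CODES.get(code, str(code)), "id": ident, "length": length, "type": None}
    if code in (1, 2) and length > 4:
        etype, body = raw[4], raw[5:]
        pkt["type"] = TYPES.get(etype, str(etype))
        if etype == 1:
            pkt["identity"] = body.decode("utf-8", "replace")
        elif etype in TLS_BASED and body:
            flags = body[0]
            pkt.update(length_included=bool(flags & 0x80), more=bool(flags & 0x40),
                       start=bool(flags & 0x20), version=flags & 0x07,
                       tls_bytes=len(body) - 1)
    return pkt


def stalled_after_start(exchange):
    """Return the EAP ids of server Start requests that were not followed by a
    Response of the same method and id (a new Identity, or nothing at all)."""
    pkts = [(who, decode_eap(h)) for who, h in exchange]
    stalls = []
    for i, (who, p) in enumerate(pkts):
        if who == "server" and p.get("start"):
            nxt = pkts[i + 1][1] if i + 1 < len(pkts) else None
            if not (nxt and nxt["code"] == "Response"
                    and nxt["type"] == p["type"] and nxt["id"] == p["id"]):
                stalls.append(p["id"])
    return stalls
```

On the quoted log both PEAP Start requests (ids 3 and 1) come back as stalled: the next packet from the supplicant is a fresh Identity response, not a PEAP response carrying TLS data.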




More information about the Freeradius-Users mailing list