XP Extensions for PEAP/MSCHAPv2

Casartello, Thomas tcasartello at wsc.ma.edu
Fri May 30 16:14:34 CEST 2008 

I tried regenerating the certs using the bootstrap file (Which I saw includes the XP extensions with the certs that it generates.) I'm still running into the same issue. 

Here's my eap and mschap config..any other info I could show to help troubleshoot?

Eap.conf config:
    
    eap {
                default_eap_type = peap

                timer_expire     = 60
                ignore_unknown_eap_types = no
                
                cisco_accounting_username_bug = no
                md5 {
                }
                leap {
                }
                gtc {
                        auth_type = PAP
                }
     tls {
                        private_key_password = whatever
                        private_key_file = ${raddbdir}/certs/cert-srv.pem
                        certificate_file = ${raddbdir}/certs/cert-srv.pem
                        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                        dh_file = ${raddbdir}/certs/dh               
                        random_file = /dev/urandom
		}

                peap {
                        default_eap_type = mschapv2    
 			}
                mschapv2 {
                }       
        }             

Mschap config:
       mschap {
                with_ntdomain_hack = yes
                              ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%$
        }
Thomas E. Casartello, Jr.
Infrastructure Technician
Linux Specialist
Department of Information Technology
Westfield State College
Wilson 105-A
(413) 572-8245
E-Mail: tcasartello at wsc.ma.edu

Red Hat Certified Technician (RHCT)

-----Original Message-----
From: freeradius-users-bounces+tcasartello=wsc.ma.edu at lists.freeradius.org [mailto:freeradius-users-bounces+tcasartello=wsc.ma.edu at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, May 30, 2008 1:41 AM
To: FreeRadius users mailing list
Subject: Re: XP Extensions for PEAP/MSCHAPv2

Casartello, Thomas wrote:
> I have everything working, but I believe I’ve hit the problem with the
> OIDs windows needs for the SSL cert. I generated a key with openssl and
> a req and I actually have a real cert assigned for the server. How do I
> go about modifying my key and cert so that XP users will be able to
> connect? I can connect with other OSes.

  In 2.0, see raddb/certs/.  There are scripts and configurations to
make certificates that Windows will like.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list