question about windows users

Bartosz Chodzinski bartosz.c at gmail.com
Mon May 25 08:28:52 CEST 2009 

>>So, check EAP settings on your windows machine - have you cleared server
certificate validation box?
yes I tried with such settings, after that my freeradius -X logs:

rad_recv: Access-Request packet from host 192.168.5.206 port 1812, id=245,
length=147
        NAS-IP-Address = 192.168.5.206
        NAS-Port = 50046
        NAS-Port-Type = Ethernet
        User-Name = "user_certificate"
        Called-Station-Id = "00-0C-30-81-9B-EE"
        Calling-Station-Id = "00-0A-E4-13-1A-02"
        Service-Type = Framed-User
        Framed-MTU = 1500
        EAP-Message = 0x0201001501757365725f6365727469666963617465
        Message-Authenticator = 0x2329ec2c85dc1d283a985e213260a2c4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "user_certificate", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 245 to 192.168.5.206 port 1812
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7895d3087897cab912734ed23163fd96
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 245 with timestamp +137
Ready to process requests.


On Wed, May 20, 2009 at 10:24 PM, Ivan Kalik <tnt at kalik.net> wrote:

> >> Check connection settings on Windows machine.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> > I am using a standard settings of eap.conf
> > when I change eap.conf to:
> > #               default_eap_type = md5
> >                 default_eap_type = peap
> >
>
> That's not Windows machine - that's on your radius server. Changing that
> is cosmetic - it won't do anything substantial.
>
> http://deployingradius.com/
>
> Have you read this? You are trying to do step 4 without sorting out step
> 2. So, check EAP settings on your windows machine - have you cleared
> server certificate validation box?
>
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090525/ab765b6e/attachment.html>

More information about the Freeradius-Users mailing list