Freeradius-2.0.5 and Vista SP2

M.K. tenNapel mario at winterfell.nl
Fri Sep 18 12:51:54 CEST 2009


Hi,

I have protected my wireless network with Freeradius-2.0.5, running on
my Gentoo server. All the clients have to authenticate themselves with
an SSL-certificate, before access to the wireless network is granted.

This has always worked fine for Linux (Ubuntu 9.0.4), Windows XP (SP3)
and Windows Vista (SP1). However, since I upgraded 2 Vista laptops to
SP2, they won't connect to my wireless network anymore.

This is what Freeradius in debug-mode says:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.123 port 2049, id=2, length=133
    User-Name = "Pietje Puk"
    NAS-IP-Address = 192.168.1.123
    Called-Station-Id = "00226b8676fb"
    Calling-Station-Id = "00215c2dd5ef"
    NAS-Identifier = "00226b8676fb"
    NAS-Port = 23
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0200000f014e656c6c79204f6f7374
    Message-Authenticator = 0x3ef0b2f9fac3b12b6476a230651a27f2
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "Pietje Puk", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry Pietje Puk at line 18
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.123 port 2049
    EAP-Message = 0x010100060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x2ef5a31f2ef4aea21b4d93bd7a29a8b3
Finished request 0.

Going to the next request
Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 192.168.1.123 port 2049, id=2, length=142
Cleaning up request 0 ID 2 with timestamp +17
    User-Name = "Pietje Puk"
    NAS-IP-Address = 192.168.1.123
    Called-Station-Id = "00226b8676fb"
    Calling-Station-Id = "00215c2dd5ef"
    NAS-Identifier = "00226b8676fb"
    NAS-Port = 23
    Framed-MTU = 1400
    State = 0x2ef5a31f2ef4aea21b4d93bd7a29a8b3
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020100060319
    Message-Authenticator = 0x9840aa9e1d5478eb7e05a8184aad0e91
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "Pietje Puk", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry Pietje Puk at line 18
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: NAK asked for unsupported type 25
 rlm_eap: No common EAP types found.
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [Pietje Puk/<via Auth-Type = EAP>] (from client AP_Radius_Beneden port 23 cli 00215c2dd5ef)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> Pietje Puk
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 2 to 192.168.1.123 port 2049
    EAP-Message = 0x04010004
    Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 2 with timestamp +17
Ready to process requests.

I suppose this is where it goes wrong:
rlm_eap: No common EAP types found.
rlm_eap: Failed in EAP select
etc

Does someone else have trouble with Vista SP2? Or am I the only one?
Perhaps someone knows how to fix this?

Kind regards,
Marinus
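
Added example (not part of the original post, and not FreeRADIUS code): a small decoder for the EAP-Message values printed in the debug output above, following the RFC 3748 packet layout. It shows that the Access-Challenge offered type 13 (EAP-TLS) and that the client answered with a Nak asking for type 25, which is the EAP type number assigned to PEAP; the function names and the type table are this example's own.

```python
# Added example: decode EAP-Message values copied from the debug log above.
# Packet layout per RFC 3748: code(1) id(1) length(2) [type(1) type-data].
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

def type_name(t):
    return EAP_TYPES.get(t, f"type {t}")

def decode_eap(hex_value):
    """Decode one EAP packet given as the hex string radiusd prints."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        # A long EAP packet is split over several EAP-Message attributes;
        # they must be concatenated before decoding.
        raise ValueError("length field does not match the data supplied")
    pkt = {"code": EAP_CODES.get(code, f"code {code}"), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        eap_type, data = raw[4], raw[5:length]
        pkt["type"] = type_name(eap_type)
        if code == 2 and eap_type == 3:
            # Legacy Nak: each data byte is a method the peer would accept.
            pkt["wanted"] = [type_name(t) for t in data]
        elif eap_type == 13 and data:
            pkt["tls_start"] = bool(data[0] & 0x20)  # S bit of the EAP-TLS flags
    return pkt

def explain_nak(request_hex, response_hex):
    """Return (offered, wanted) if the response is a Nak to the request."""
    req, resp = decode_eap(request_hex), decode_eap(response_hex)
    if resp.get("type") != "Nak" or req["id"] != resp["id"]:
        return None
    return req.get("type"), resp["wanted"]

if __name__ == "__main__":
    # Values taken from the Access-Challenge, the second Access-Request
    # and the Access-Reject in the log above.
    for value in ("0x010100060d20", "0x020100060319", "0x04010004"):
        print(value, decode_eap(value))
    print(explain_nak("0x010100060d20", "0x020100060319"))
```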




