{Spam?} Re: Freeradius 1.2.3 and Windows 7

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Wed Oct 20 16:48:13 CEST 2010 

It may be just me, but when they told you to upgrade they probably meant
to the latest 2.X release.

Is there a specific reason that you need to stay on a 1.X release?   I
only ask because you may be needlessly complicating your life by using
ancient software.

Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221



-----Original Message-----
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.o
rg] On Behalf Of Krzysztof Srokowski
Sent: Wednesday, October 20, 2010 9:16 AM
To: 'FreeRadius users mailing list'
Subject: RE: {Spam?} Re: Freeradius 1.2.3 and Windows 7

Ok. i made an upgrade, but when i test it without certificate
verification Windows 7 is not asking me for user and password, but sends
"host/name_of_the_host". I unchecked in connect properities to use same
login and password as I log in into machine..

-----Original Message-----
From:
freeradius-users-bounces+k.srokowski=gdansk.gda.pl at lists.freeradius.org
[mailto:freeradius-users-bounces+k.srokowski=gdansk.gda.pl at lists.freerad
ius.
org] On Behalf Of Alan DeKok
Sent: Wednesday, October 20, 2010 9:03 AM
To: FreeRadius users mailing list
Subject: {Spam?} Re: Freeradius 1.2.3 and Windows 7

Krzysztof Srokowski wrote:
> I`m sorry, I`m using pfSense release 1.2.3, with freeradius package
1.1.2_1 (latest)

  Uh... upgrade.  1.1.2 is *very* old.  It's very likely that it won't
work with recent versions of Windows.  Fixes to work around Windows
"issues" went into later versions of the server, and aren't in 1.1.2.

> Below I describe my configuration;
> 
> 1. pfSense with freeradius 1.1.2_1
> 2. Access Point Linksys WRT54G
> 3. Clients Windows XP SP3 and Windows 7
> 
> My goal was to create WiFi access with WPA2 (AES) +
EAP-PEAP(MSCHAPv2).
For tests I generated server certificate from my own CA. Both
certificates CA certificate, and server certificate was transferred to
freeradius server and configured in eap.conf file in tls section. I made
also other configurations to use peap protocol and mschapv2. 
>
> The second step was the clients. My root CA certificate was installed 
> to
certificate repo in system. I checked all required options in connection
properities like (use WPA2 with AES, PEAP, verify server certificate
also with root CA certificate which was imported before). When I tried
to connect from XP client everything is fine, client is authorized and
connection works without problem. But from Windows 7 client its not.
Same configuration, same settings, and I get error in radius.log:
> 
> ----
> " Tue Oct 19 13:01:06 2010 : Error: TLS Alert read:fatal:unknown CA
> Tue Oct 19 13:01:06 2010 : Error:     TLS_accept:failed in SSLv3 read
> client certificate A
> Tue Oct 19 13:01:06 2010 : Error: rlm_eap: SSL error 
> error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Tue Oct 19 13:01:06 2010
:
Error: rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session
fails.
> Tue Oct 19 13:01:06 2010 : Auth: Login incorrect:
> [host/um4910142413/<no User-Password attribute>] (from client WRT54G 
> port
35 cli 000e2e950bbd) "

  <shrug>  Those error messages are pretty definitive.

  In any case, I wouldn't bother trying to track down the problem.
Install 2.1.10, and then follow the EAP / Windows instructions on my web
site: http://deployingradius.com

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list