Authentication issues with Win7 and WPA/WPA2 Enterprise

Gary Gatten Ggatten at waddell.com
Wed May 18 19:41:13 CEST 2011 

I have a 2.1.10 server we are tesing with, but I thought the patch you mentioned wasn't in 2.1.10, I think Alan said he'd put it in 3.x?

We will be testing passing the entire *eap session to FR this afternoon.

----- Original Message -----
From: Phil Mayers [mailto:p.mayers at imperial.ac.uk]
Sent: Wednesday, May 18, 2011 12:29 PM
To: freeradius-users at lists.freeradius.org <freeradius-users at lists.freeradius.org>
Subject: Re: Authentication issues with Win7 and WPA/WPA2 Enterprise

On 18/05/11 17:10, Gary Gatten wrote:
> I would LOVE if W7 just worked!  People here are blaming FR and I'm
> trying to convince them it has nothing to do with it, but since the
> MSCHAP challenges / responses are hashed I can't PROVE it to them.

As per previous posts:

Your Aruba wireless equipment is:

  a. Terminating the outer EAP-PEAP
  b. Translating the inner EAP-MSCHAPv2 to plain MS-CHAPv2

I strongly suspect this will be causing the problems you are having, and 
I even suspect I know how - I think it's probably clients typing in 
their username in mIxEd-CaSe, which will cause cryptographich (hash) 
mismatches at client and server without careful preservation of the EAP 
payload.

As per Neal Garber's post of 10th May, even FreeRADIUS had problems with 
this prior to 2.1.10

Are you / have you been able to:

  1. stop terminating the PEAP on the Aruba
  2. upgrade to FreeRADIUS 2.1.10

?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>

More information about the Freeradius-Users mailing list