PEAP with Machine auth

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Wed Oct 26 16:06:59 CEST 2011


Ok, I have been watching your discourse from afar and I have to say this:

> This kind of Q&A thing helps no one here! ...

Two things.  Number one, he IS answering your questions.  He is just not GIVING you the answer.  Number two, the gentleman in question is quite possibly the preeminent FreeRADIUS expert in the world.  When he tells you something about FreeRADIUS, you should listen.

Sorry, I am not trying to be too blunt.   But when an expert speaks, you should listen.  This is true in any area.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221

From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Sergio NNX
Sent: Wednesday, October 26, 2011 8:47 AM
To: freeradius-users at lists.freeradius.org
Subject: RE: PEAP with Machine auth

This kind of Q&A thing helps no one here! Many people are reporting the same issue on different platforms! I don't think the problem is either with the client or the certificates since I conducted some testing using the same client and the same certificates but an old FR version (1.1.7) and the tests pass. It's easier to blame something else but we could spend that time contributing to the solution and so helping others!


> Date: Wed, 26 Oct 2011 15:36:19 +0200
> From: aland at deployingradius.com<mailto:aland at deployingradius.com>
> To: freeradius-users at lists.freeradius.org<mailto:freeradius-users at lists.freeradius.org>
> Subject: Re: PEAP with Machine auth
>
> Phil Mayers wrote:
> > Seriously - it's important to understand that the CLIENT stops
> > responding. FreeRADIUS can't do anything more in this case - the client
> > has stopped sending EAPOL packets, so the client must think that
> > something is wrong.
>
> That's the main issue people have with RADIUS. The client is in
> charge of pretty much everything, and few people understand that.
>
> Q: Why does the client stop talking to the server?
> A: Because it doesn't like the response from the server
>
> Q: OK... *what* part of the response doesn't it like?
> A: Go ask the client
>
> Q: But I can't! What do I do?
> A: well... we don't know, either. Go ask Microsoft.
>
> > You will have to debug the client. This is very very painful on Windows;
> > it's hard to even find the EAPOL debugging options, let alone interpret
> > the results.
>
> Yes. Everyone reading this list should understand CLIENT issues cause
> you to debug the CLIENT.
>
> If the server returns the wrong thing... you can fix the server. Fort
> pretty much everything else, blame the client.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111026/6088edb3/attachment.html>


More information about the Freeradius-Users mailing list