<p>FreeRADIUS is configured to use PEAP/MSCHAPv2 with Active Directory.  We created the certificate with the required extensions.  Windows 7 is working, but Windows XP with Service Pack 3 is only working when using its Intel Proset Wireless utility (with and without certificate validation).  It does not work with its native client, not even when disabling validation of the server certificate.  We noticed that it authenticates successfully but then it disconnects.<br>
 <br>FreeRADIUS Version 2.1.7, for host i386-redhat-linux-gnu, built on Dec 30 2009 at 13:47:58</p>
<p><br>Sending Access-Challenge of id 56 to 10.2.2.2 port 1645</p>
<p> EAP-Message = 0x010300061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc8798165c87a987dbec3195d12e082e4<br>Finished request 22.</p>
<p>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.2.2.2 port 1645, id=57, length=233</p>
<p> User-Name = "testuser"<br> Framed-MTU = 1400<br> Called-Station-Id = "00-19-56-B0-90-18"<br> Calling-Station-Id = "00-1B-77-89-0E-6D"<br> Service-Type = Login-User<br> Message-Authenticator = 0x9dd7590ca977a2f03cb76f4b5edbde07<br>
 EAP-Message = 0x0203005719800000004d16030100480100004403014f03a34ae5fe3cfedf9316ea7e560abfb58e89c2dae7ae6c6283bffea9acf53c00001600040005000a0009006400620003000600130012006301000005ff01000100</p>
<p> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 19655928<br> NAS-Port-Id = "19655928"<br> State = 0xc8798165c87a987dbec3195d12e082e4</p>
<p> NAS-IP-Address = 10.2.2.2<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log]  expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.2.2.2/auth-detail-20120103<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.2.2.2/auth-detail-20120103<br>[auth_log]  expand: %t -> Tue Jan  3 18:51:19 2012<br>
++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "testuser", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>Sending Access-Challenge of id 57 to 10.2.2.2 port 1645</p>

<p>
 EAP-Message = 0x6f6e2e6f72672f496e436f6d<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc8798165c97d987dbec3195d12e082e4<br>Finished request 23.</p>
<p>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.2.2.2 port 1645, id=58, length=152</p>
<p> User-Name = "testuser"<br> Framed-MTU = 1400<br> Called-Station-Id = "00-19-56-B0-90-18"<br> Calling-Station-Id = "00-1B-77-89-0E-6D"<br> Service-Type = Login-User<br> Message-Authenticator = 0x1ca2ef2141258b5b61880ea68486371e</p>

<p> EAP-Message = 0x020400061900<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 19655928<br> NAS-Port-Id = "19655928"<br> State = 0xc8798165c97d987dbec3195d12e082e4</p>
<p> NAS-IP-Address = 10.2.2.2<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log]  expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.2.2.2/auth-detail-20120103<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.2.2.2/auth-detail-20120103<br>[auth_log]  expand: %t -> Tue Jan  3 18:51:19 2012<br>
++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "testuser", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>[eap] EAP packet type response id 4 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>
[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>Sending Access-Challenge of id 58 to 10.2.2.2 port 1645</p>
<p>
 EAP-Message = 0x300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3130313230373030303030305a170d3230303533303130343833385a3051310b300906035504061302555331123010060355040a1309496e7465726e6574323111300f060355040b1308496e436f6d6d6f6e311b301906035504031312496e436f6d6d6f6e2053657276657220434130820122300d06092a86<br>
 EAP-Message = 0x99cb52b1627b7301<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc8798165ca7c987dbec3195d12e082e4<br>Finished request 24.</p>
<p>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.2.2.2 port 1645, id=59, length=152</p>
<p> User-Name = "testuser"<br> Framed-MTU = 1400<br> Called-Station-Id = "00-19-56-B0-90-18"<br> Calling-Station-Id = "00-1B-77-89-0E-6D"<br> Service-Type = Login-User<br> Message-Authenticator = 0x279a6dd0a68ef53a4e4cbafdd3b8fd55</p>

<p> EAP-Message = 0x020500061900<br> NAS-Port-Type = Wireless-802.11<br> NAS-Port = 19655928<br> NAS-Port-Id = "19655928"<br> State = 0xc8798165ca7c987dbec3195d12e082e4</p>
<div> NAS-IP-Address = 10.2.2.2<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>[auth_log]  expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.2.2.2/auth-detail-20120103<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.2.2.2/auth-detail-20120103<br>[auth_log]  expand: %t -> Tue Jan  3 18:51:19 2012<br>
++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "testuser", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>[eap] EAP packet type response id 5 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>
[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>Sending Access-Challenge of id 59 to 10.2.2.2 port 1645<br> EAP-Message = 0x010603fc1940627f636cd868a0ee6aa88d1f29f3d018acad02030100</div>
<div>Thanks.</div>
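<p>Added example, not part of the original post and not FreeRADIUS code: a Python decoder for the EAP-Message values in the debug output above, showing which packet is the PEAP Start, which carries the client's TLS ClientHello, which are fragment ACKs and which are partial server fragments. The function and constant names are made up for this example; the hex values are copied from the log.</p>

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25                       # 0x19, shares the EAP-TLS framing
FLAGS = (("L", 0x80), ("M", 0x40), ("S", 0x20))  # Length included, More fragments, Start

# EAP-Message values copied from the debug output above.
PEAP_START = "0x010300061920"
CLIENT_HELLO = ("0x0203005719800000004d16030100480100004403014f03a34ae5fe3cfedf9316ea7e560abfb5"
                "8e89c2dae7ae6c6283bffea9acf53c00001600040005000a0009006400620003000600130012"
                "006301000005ff01000100")
CLIENT_ACK = "0x020400061900"
SERVER_FRAGMENT = "0x010603fc1940627f636cd868a0ee6aa88d1f29f3d018acad02030100"


def decode_eap_message(hex_value):
    """Decode the EAP header and PEAP/EAP-TLS framing of one EAP-Message value."""
    raw = bytes.fromhex(hex_value[2:] if hex_value[:2].lower() == "0x" else hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # One RADIUS attribute holds at most 253 bytes, so a long EAP packet is
    # spread over several EAP-Message attributes; a single value may be partial.
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "complete": len(raw) >= length}
    if code not in (1, 2) or len(raw) < 6 or raw[4] != EAP_TYPE_PEAP:
        return info
    flags, pos = raw[5], 6
    info["flags"] = [name for name, bit in FLAGS if flags & bit]
    if flags & 0x80 and len(raw) >= pos + 4:
        info["tls_total_length"] = struct.unpack("!I", raw[pos:pos + 4])[0]
        pos += 4
    info["tls_bytes_here"] = max(0, min(len(raw), length) - pos)
    # A flag-less packet with no TLS data is the fragment ACK ("Received TLS ACK").
    info["ack"] = not info["flags"] and info["tls_bytes_here"] == 0
    if "tls_total_length" in info and info["tls_bytes_here"] >= 6:
        ctype, major, minor, rec_len = struct.unpack("!BBBH", raw[pos:pos + 5])
        info["tls_record"] = {"content_type": ctype, "version": (major, minor),
                              "length": rec_len,
                              "handshake_type": raw[pos + 5] if ctype == 22 else None}
    return info


if __name__ == "__main__":
    for value in (PEAP_START, CLIENT_HELLO, CLIENT_ACK, SERVER_FRAGMENT):
        print(decode_eap_message(value))
```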