Thanks for answers! Phil Mayers schrieb:
On 18/05/11 16:26, Simon L. wrote:
Using WPA2-Enterprise results in Access-Rejects after one Request.
That is not normal. WPA2 should be the same as WPA at the radius level.
I'll give it another try this evening.
Using WPA-Enterprise results in about nine different Access-Challanges and one final Access-Accept - that cant be right.
That is normal. EAP exchanges are usually 9/10 request/challenge pairs followed by a final request/accept.
What exactly is your problem?
Lack of knowledge :) If that challenges are necessary than i got no problem at this point. Thanks for the info!
I have set up a testing scenario with the local test user bob. If local authentication works properly i want to proxy all requests without EAP to another freeradius server. I will have questions to that later :)
radtest from localhost an remotehost succeeded.
Sorry - radtest does not do EAP. radtest is not a valid test.
I know, i just followed the FAQ for using the mailinglist on freeradius.org. Just to verify that the very basics are working.
I dont get a clue if the Problem is Windows, Certificates, Network oder simply misconfigured freeradius.
You haven't told us what the problem is. WPA-Enterprise is working for you - the radius server is sending an access-accept. What problem are you experiencing?
As you told me above, i know -now- there is no Problem with that. :)
certificates: - i build the certs with and without that windows extension OID in server.cnf with make from ../raddb/certs
Why? You MUST include the OID.
I was not sure about if its recommend for Windows 7 too cause everywhere its mentioned with XP SP2+ only and not for later Windows in general.
- 2048 bit
Windows 7: - installed ca.der as root cert in win7 and configured it for the desired WiFi network - for my eyes no difference in debug logs if validate server cert or not.
"Validate server cert" is done on the client. You won't see any difference on the server.
- unchecked using windows user or domain for auth - EAP comes with PEAP/MSCHAPv2 as default - but the certs are for eap - tls right?
PEAP uses TLS. PEAP needs certs too.
WAP: - WPA2 Enterprise with AES no accept packet possible until now
As above - that's not normal.
The debug you sent contains no reject. Please send a debug for this case.
I will generate a separate log for the WPA2 scenario soon.
- WPA Enterprise with AES results in that 9-times Challenges until accept
As above - this is normal
Access-Accept means everything is working.
You made my day!
If you are still having problems after the Access-Accept, you need to describe what those problems are.