I am succesfully doing this but with one glitch. It only works with WinXP as the supplicant.
The problem I can tell is with Certs, but I cannot figure out how to fix it.
So far the chipsets on the adapters is Atheros 5211 and Ralink rt2500. The ralinks authenticate fine using WinXP as supplicant, but fail using the ralink client software in Win2k and WinXP. The GN-WPEAG chipsets also fail using the supplied clients.
Is there something special to know or do to get certs.sh to work properly in Suse 9.3, so far I have only been able to get it to work by installing OpenSSL in USR/Local even though Suse 93 says it is already installed.
I am including two log peices, the 1st with WinXP as Authenticating and 2nd is Ralink utility on same machine failing to authenticate.
WINXP
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 180 to 10.10.4.20:2500
EAP-Message = 0x0104003119001403010001011603010020fb444951ea0360a043b79a34ac4ca533ae9744e6dc6fd7cda10c7b0470fbc55b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd86ec63a7680f4308aeb922aa999e201
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.4.20:2501, id=181, length=136
NAS-IP-Address = 10.10.4.20
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "dhesse"
Calling-Station-Id = "001109229950"
Called-Station-Id = "000e6acd7ff5"
NAS-Identifier = "dhlab_3com"
State = 0xd86ec63a7680f4308aeb922aa999e201
EAP-Message = 0x020400061900
Message-Authenticator = 0x76ad5ea260dbcc6ec8c011c9c7faa527
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "dhesse", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dhesse
radius_xlat: '(uid=dhesse)'
radius_xlat: 'o=StormLake'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user dhesse authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 181 to 10.10.4.20:2501
EAP-Message = 0x0105002019001703010015bc0c8b230b6818687fdf49953a86ea2a7c92d8f0be
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x34fc3101d2597dcae9f02eb68c529953
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.4.20:2502, id=182, length=164
NAS-IP-Address = 10.10.4.20
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "dhesse"
Calling-Station-Id = "001109229950"
Called-Station-Id = "000e6acd7ff5"
NAS-Identifier = "dhlab_3com"
State = 0x34fc3101d2597dcae9f02eb68c529953
EAP-Message = 0x02050022190017030100171d156bb7f6783f7d189e1907099a9fa7309a04e469c5b1
Message-Authenticator = 0xe538669776929af733db5ebd93558b24
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "dhesse", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 34
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dhesse
radius_xlat: '(uid=dhesse)'
radius_xlat: 'o=StormLake'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user dhesse authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - dhesse
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of dhesse
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to dhesse
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "dhesse", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dhesse
radius_xlat: '(uid=dhesse)'
radius_xlat: 'o=StormLake'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user dhesse authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 182 to 10.10.4.20:2502
EAP-Message = 0x010600371900170301002c2e60ef6cbaeb243c56acedee7a7f10fd837170ff8a7cf9db7376f6b80f3978e34405f8355b645ec66f716d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5658e0fa40025a64a9c21e91575b399d
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.4.20:2503, id=183, length=218
NAS-IP-Address = 10.10.4.20
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "dhesse"
Calling-Station-Id = "001109229950"
Called-Station-Id = "000e6acd7ff5"
NAS-Identifier = "dhlab_3com"
State = 0x5658e0fa40025a64a9c21e91575b399d
EAP-Message = 0x020600581900170301004dde7841f54a1023bc51de5b1049a3f40bc6a3885985ce3a25d2bb4eccc1b5750fb81735d317f01cdf5be04fa5ffb8d4ba2d8c4797bcc127929b672758a2ffe8fc4618d3ac27af90766780edb361
Message-Authenticator = 0xb1ca667f588b5c0be2ebe759ba2d3d71
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "dhesse", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 88
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dhesse
radius_xlat: '(uid=dhesse)'
radius_xlat: 'o=StormLake'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user dhesse authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to dhesse
PEAP: Adding old state with 27 d7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "dhesse", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 65
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dhesse
radius_xlat: '(uid=dhesse)'
radius_xlat: 'o=StormLake'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user dhesse authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 5
rlm_mschap: Told to do MS-CHAPv2 for dhesse with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 5
modcall: group Auth-Type returns ok for request 5
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 183 to 10.10.4.20:2503
EAP-Message = 0x0107004a1900170301003f0226fad9a3d3afef959674ecb3b3414541310676070004398f63d7a5bba3441ee2a3dfcdbbbde73f91f7312051a0f5b579bf9193eb090630c7be88de6d4dee
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0c24a22194018da936facb78fe3ceaf8
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.10.4.20:2504, id=184, length=159
NAS-IP-Address = 10.10.4.20
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Framed-MTU = 1400
User-Name = "dhesse"
Calling-Station-Id = "001109229950"
Called-Station-Id = "000e6acd7ff5"
NAS-Identifier = "dhlab_3com"
State = 0x0c24a22194018da936facb78fe3ceaf8
EAP-Message = 0x0207001d19001703010012f1bdeccdf36c88896d25284d609126cdf8ac
Message-Authenticator = 0x48bcf0174488515db7aab6c2b9615e3d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "dhesse", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for dhesse
radius_xlat: '(uid=dhesse)'
radius_xlat: 'o=StormLake'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse)
rlm_ldap: Added the eDirectory password in check items