FR 2.0.3, WinXP, PEAP and mschapv2
Hi, I have a problem configuring wireless 802.1x authentication with FR and a Windows client. I use version FR 2.0.3 and think I configured everything quite well. FR sends out the Access-Challenge but my windows client does not answer it. I recreated the default certificates to be sure that the nessesary OIDs (see xpentenstions) are included. But still no success. Any idea? Thanks. -- Config: modules { pap { auto_header = no } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { radwtmp = ${logdir}/radwtmp } $INCLUDE eap.conf mschap { authtype=MS-CHAP use_mppe=yes require_encryption = yes require_strong = yes } $INCLUDE sites-enabled/ eap.conf: eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { certdir=/usr/local/etc/raddb/certs cadir=/usr/local/etc/raddb/certs private_key_password = whatever private_key_file = ${certdir}/server.pem certificate_file = ${certdir}/server.pem CA_file = ${cadir}/ca.pem dh_file = ${certdir}/dh random_file = ${certdir}/random cipher_list = "DEFAULT" make_cert_command = "${certdir}/bootstrap" } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } peap { copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } mschapv2 { } } sites-enabled/default.conf authorize { preprocess chap mschap suffix eap { ok = return } unix files expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschapv2 } unix eap } Thanks for any hint. Michael Schwartzkopff
Am Freitag, 4. April 2008 09:17 schrieb Michael Schwartzkopff:
Hi,
I have a problem configuring wireless 802.1x authentication with FR and a Windows client. I use version FR 2.0.3 and think I configured everything quite well.
FR sends out the Access-Challenge but my windows client does not answer it. I recreated the default certificates to be sure that the nessesary OIDs (see xpentenstions) are included. But still no success. Any idea? Thanks.
Hi, I solved the problem: The certificates were not the problem. I had no virtual server "inner-tunnel" so I had to comment out the line: # virtual_server = "inner-tunnel" in the peap module of eap.conf Cheers, -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: misch@multinet.de web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42
participants (1)
-
Michael Schwartzkopff