WPA authentication works only with MacOS clients
Hello all, I'm using WPA with EAP-TTLS and PEAP with a MacOS .Authentication works fine (even if enough slowly). The problem is that I can't authenticate WinXP client. I've readed that for using EAP-TTLS are required some other supplicant like SecureW2. Is SecureW2 required also for PEAP? Thanks for attention Best Regards, Josh
Hi Josh,
Hello all, I'm using WPA with EAP-TTLS and PEAP with a MacOS .Authentication works fine (even if enough slowly). The problem is that I can't authenticate WinXP client. I've readed that for using EAP-TTLS are required some other supplicant like SecureW2. Is SecureW2 required also for PEAP?
No, the built-in supplicant works. But then your server cert needs to have the "TLS Web Server Authentication OID", otherwise the supplicant will refuse to authenticate. This special surprise brought to you by: Microsoft :-) Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
On 10/16/06, Stefan Winter <stefan.winter@restena.lu> wrote:
Hi Josh, No, the built-in supplicant works. But then your server cert needs to have the "TLS Web Server Authentication OID", otherwise the supplicant will refuse to authenticate. This special surprise brought to you by: Microsoft :-)
Hi Stefan, thank you for the quick answer. Can you tell me the parameter that I must use for having "TLS Web Server Authentication OID"? I have used - x509 but it is insufficient :) However, thanks. Josh Shamir
Hi,
Hello all, I'm using WPA with EAP-TTLS and PEAP with a MacOS .Authentication works fine (even if enough slowly). The problem is that I can't authenticate WinXP client. I've readed that for using EAP-TTLS are required some other supplicant like SecureW2. Is SecureW2 required also for PEAP?
no. the builtin WinXP supplicant does PEAP natively. however, dont forget that PEAP doesnt deal with plain text passwords - you either need to have NT-hash or use ntlm_auth alan
Hi, I can't use NT-hash because I use PAP and I need clear-text password. However I've generated server-side certificates with CA.all script with standart xpextension: [ xpclient_ext] extendedKeyUsage = 1.3.6.1.5.5.7.3.2 [ xpserver_ext] extendedKeyUsage = 1.3.6.1.5.5.7.3.1 Can I modify this OID to create MS-Windows compatible certificates? Or there are some other way to obtain this feature? Best Regards, Josh On 10/16/06, A.L.M.Buxey@lboro.ac.uk <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
Hello all, I'm using WPA with EAP-TTLS and PEAP with a MacOS .Authentication works fine (even if enough slowly). The problem is that I can't authenticate WinXP client. I've readed that for using EAP-TTLS are required some other supplicant like SecureW2. Is SecureW2 required also for PEAP?
no. the builtin WinXP supplicant does PEAP natively. however, dont forget that PEAP doesnt deal with plain text passwords - you either need to have NT-hash or use ntlm_auth
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Josh Shamir -
Stefan Winter