Freeradius + TLS for Wifi networks
Hello there, I am implementing freeradius with openssl to do authentication for Wifi Windows XP clients with Wireless Access Points which has support for WPA. I am using a CommGate Shield product which is based on Red Hat Linux 9.0 with the latest patches, with a custom-compiled freeradius-1.0.4 and openssl-0.98 as the base system. After the compilation and configuration, we did our testing with a Windows XP Pro SP2 client and the integration was successful. However, I noticed that we have had multiple dropped connections from Windows XP Pro with the Planet WAP-4000 and 3Com Office Connect Wireless Access Points every 30 to 45 minutes but the freeradius server logs does not show any errors. I don't think this is a freeradius issue but I need to verify with someone that this is not a radius related problem. My question: ----------- Is there any configuration parameters within freeradius that I can tweak to debug and check that radius is not the one causing this problem? Logically, I don't think it's a radius issue but I might be wrong. If there is anyone that would like to get a copy of our RADIUS + TLS HOWTO documentation with to find out how we did this integration, please send me a personal email and I will send the PDF copy over. -- Stay driven! Moonshi Mohsenruddin CommGate Inc.
mmoonshi@commgate.net on August 3, 2005 at 03:51 -0800 wrote:
However, I noticed that we have had multiple dropped connections from Windows XP Pro with the Planet WAP-4000 and 3Com Office Connect Wireless Access Points every 30 to 45 minutes but the freeradius server logs does not show any errors.
Remember: the logs only show what is sent to the radius server -- if the WAP doesn't send an accounting packet or authentication packet, nothing will be in your logs.
I don't think this is a freeradius issue but I need to verify with someone that this is not a radius related problem.
It doesn't sound like it is.
Is there any configuration parameters within freeradius that I can tweak to debug and check that radius is not the one causing this problem?
Well, if you start radius like so: "radiusd -X" it will output debug info to stdout. It's rather complete information, but it only starts one process and may cause more output than you really want.
Logically, I don't think it's a radius issue but I might be wrong.
The only way it's a radius issue is if the machine is trying to reauthenticate, and radius is denying it the second time. Of course, this would show up in the radius logs if your AP was doing the right thing.
If there is anyone that would like to get a copy of our RADIUS + TLS HOWTO documentation with to find out how we did this integration, please send me a personal email and I will send the PDF copy over.
I'd love to see your documentation -- we're in the process of writing our own now, and anything that might have some more "gotchas" is good. -kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)
Thank you for the feedback Kris! I truly appreciate it. I shall send the HOWTO to you in a separate email. --Moonshi On Wed, 2005-08-03 at 08:21 -0700, Kris Benson wrote:
mmoonshi@commgate.net on August 3, 2005 at 03:51 -0800 wrote:
However, I noticed that we have had multiple dropped connections from Windows XP Pro with the Planet WAP-4000 and 3Com Office Connect Wireless Access Points every 30 to 45 minutes but the freeradius server logs does not show any errors.
Remember: the logs only show what is sent to the radius server -- if the WAP doesn't send an accounting packet or authentication packet, nothing will be in your logs.
I don't think this is a freeradius issue but I need to verify with someone that this is not a radius related problem.
It doesn't sound like it is.
Is there any configuration parameters within freeradius that I can tweak to debug and check that radius is not the one causing this problem?
Well, if you start radius like so: "radiusd -X" it will output debug info to stdout. It's rather complete information, but it only starts one process and may cause more output than you really want.
Logically, I don't think it's a radius issue but I might be wrong.
The only way it's a radius issue is if the machine is trying to reauthenticate, and radius is denying it the second time. Of course, this would show up in the radius logs if your AP was doing the right thing.
If there is anyone that would like to get a copy of our RADIUS + TLS HOWTO documentation with to find out how we did this integration, please send me a personal email and I will send the PDF copy over.
I'd love to see your documentation -- we're in the process of writing our own now, and anything that might have some more "gotchas" is good.
-kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)
participants (2)
-
Kris Benson -
Moonshi Mohsenruddin