EAP challenge gets ignored with some clients

Ian Chard ian.chard at sers.ox.ac.uk
Thu Aug 11 17:03:43 CEST 2005


Firstly, sorry about the vague subject line!  Here's the scenario:

- FreeRADIUS 1.0.4 running on OpenBSD 3.7
- Netgear WAG302 access points (configured for WPA/TKIP)

I'm using PEAP and MSCHAPv2 to authenticate wireless folk against our
Windows domain controller with ntlm_auth.  As things stand, it's all
working... for some clients... some of the time.

My testing shows that:

- XP clients can always connect, although it sometimes takes them a few
tries (those using the card vendor's software work better than those
using the Windows client)

- Windows Mobile/Pocket PC devices sometimes work, sometimes don't (mine
worked until yesterday, now it refuses to connect)

- Various other version of Windows have varying results.

- Linux with wpa_supplicant _always_ works, and authenticates much
faster than anything else.

When a client fails to connect, the output of radiusd -X shows that
the daemon sends the first EAP challenge, but never receives a reply
(tcpdump on the OpenBSD box confirms this).  The symptoms are the same
regardless of the type of client.

I'm tearing my hair out, and have run out of things to try... I'm
hoping that this will all sound horribly familiar to someone who knows
exactly what's happening!

Many, many thanks for any advice (or just a shoulder rub :-)
- Ian

Ian Chard, Unix & Network Administrator   |  E: ian.chard at sers.ox.ac.uk
Systems and Electronic Resources Service  |  T:  80587 / (01865) 280587
Oxford University Library Services        |  F:          (01865) 204937

More information about the Freeradius-Users mailing list