Win2k and Freeradius, newbe plz help

Guy Davies Guy.Davies at telindus.co.uk
Wed Jun 29 15:06:33 CEST 2005


Upgrade to win2k SP4.  Before that, the M$ supplicant was broken.

If you're doing PEAP, I'm assuming you're doing PEAP/MS-CHAPv2.  If so,
why do you need a client cert?  You only need a client cert if you're
doing EAP/TLS.  PEAP/MS-CHAPv2 uses MS-CHAPv2 to exchange a user's
credentials based on a username and password.

Rgds,

Guy

> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org 
> [mailto:freeradius-users-bounces at lists.freeradius.org] On 
> Behalf Of Michael Langer
> Sent: 29 June 2005 13:45
> To: Freeradius-Users
> Subject: Win2k and Freeradius, newbe plz help
> 
> 
> Hi,
> 
> i try to configure freeradius and win2k(SP2) client for PEAP. 
> But the client doesnt connect to server or send any packages :(
> 
> I have create the certificates (root,client,server) and 
> install root.der and client.d12 on the windows machine. Further i do:
> 
> Select the Authentication tab
> Select Protected EAP on the drop-down list
> Click Properties
> Enable "Validate server certificate"
> In Trusted Root Certification Authorities list, enable the 
> root.der certificate. In Select Authentication Method, select 
> "Secured password (EAP-MSCHAPv2)"
> 
> freeradius (1.0.4):
> 
> Change the default_eap_type from tls to peap:
> 
> eap {	default_eap_type = peap
> 
> Move to the PEAP section below the TLS section and uncomment 
> the following
> lines:
> 
> peap {
> 	default_eap_type = mschapv2
> }
> 
> After i start radiusd -X all go fine, and i get: waiting for ...
> 
> 
> This should work, doesnt it?
> 
> mfg Michael
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 

This e-mail is private and may be confidential and is for the intended recipient only.  If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed.  If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it.  We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free.  You should undertake your own virus checking.  The right to monitor e-mail communications through our network is reserved by us. 






More information about the Freeradius-Users mailing list