Confused with FreeRadius + Win2000 + Linksys + EAP + Certs
Alexandros Gougousoudis
gougousoudis at kh-berlin.de
Mon Aug 7 11:13:25 CEST 2006
Hi,
I've been working on a FreeRadius setup for our network for 3 weeks and I
get more and more confused, even after days of RTFM. If someone could
help me, I'd owe you a beer. :-)
This is what I want to do:
We have a Linksys Switch which can be an AP for Radius. If a PC is
authenticated the Port of the Switch will work. I want to install a
certificate on every PC in our network. The Supplicant should contact
the AP using EAP and the AP the Radius-Server (I use freeradius 1.1.0 on
Suse 10.1). So the PC should have access to the network, regardless of
the user which will work on it.
I configured Freeradius' eap.conf to use TLS, did all certificates and
installed it on the client and server. radiusd -X -A doesn't report an
error. All Servers and Clients are in the DNS.
The problem is, if I set up the authentication with EAP-Type "Smartcard
or Certificate" in W2K simply nothing happens, there is no request
coming to the radius server, nor an error message on the client.
If I configure on the client PEAP with protected Password (and say that
it should not use the Windows logon name in the EAP-MSCHAPv2 Dialog) I
get a logon-screen and can authenticate the computer (I've put a dummy user
in users files) and I see the conversation in the server-debug.
If I say it should use the Windows logon name, again nothing happens to
the radius server (there is even no request to that server).
I even took SecureW2 to test, with the same result.
I'm doing something terribly wrong, but what could it be? Every hint is
welcome!
In the future I want to check also in our LDAP-Directory (we have a
Samba-Domain there) if the computer exists in the domain and only then
accept the certificate for authentication. But I'm light years away
from it, did anybody do this before?
Thanks in advance
Alex
--
ServiceCenter IT - Alexandros Gougousoudis (Head)
Joint institution of the Kunsthochschule Berlin-Weissensee, the Hochschule
für Musik "Hanns Eisler" and the Hochschule für Schauspielkunst "Ernst
Busch".
Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445