Confused with FreeRadius + Win2000 + Linksys + EAP + Certs

Alexandros Gougousoudis gougousoudis at kh-berlin.de
Mon Aug 7 11:13:25 CEST 2006


Hi,

I'am working on a FreeRadius Setup für our network since 3 weeks and I 
get more and more confused, even after days of RTFM. If someone could 
help me, I'd owe you a beer. :-)

This is what I want to do:

We have a Linksys Switch which can be an AP for Radius. If a PC is 
authenticated the Port of the Switch will work. I want to install a 
certificate on every PC in our network. The Supplicant should contact 
the AP using eap and the AP the Radius-Server (I use freeradius 1.1.0 on 
Suse 10.1). So the PC should have access to the network, regardless of 
the user which will work on it.

I configured Freeradius' eap.conf to use TLS, did all certificates and 
installed it on the client and server. radiusd -X -A does't report an 
error. All Servers and Clients are in the DNS.

The problem is, if I setup the authentification with EAP-Type "Smartcard 
or Certificate" in W2K simply nothing happens, there is no request 
coming to the radius server, nor an error message on the client.

If I configure on the client PEAP with protected Password (and say that 
it should not use the Windows-Logonname in the EAP-MSCHAPv2 Dialog) I 
get a logon-screen and can authentify the computer (I've put a dummyuser 
in users files) and I see the conversation in the server-debug.

If I say it should use the Windowslogonname, again nothing happens to 
the radius server (there is even no request to that server).

I even took SecureW2 to test, with the same result.

I'm doing something terribly wrong, but what could it be? Every hint is 
welcome!

In the future I want to check also in our LDAP-Directory (we have a 
Samba-Domain there) if the computer exists in the domain and only then 
accept the certificate for authentification. But I'am lightyears away 
from it, did anybody do this before?

thanks in advance
  Alex


-- 
ServiceCenter IT - Alexandros Gougousoudis (Leiter)

Gemeinsame Einrichtung der Kunsthochschule Berlin-Weissensee, Hochschule 
für Musik "Hanns Eisler" und der Hochschule für Schauspielkunst "Ernst 
Busch".

Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445





More information about the Freeradius-Users mailing list