PEAP problems, never see an Access-Accept

Alan DeKok aland at ox.org
Fri Feb 3 02:39:35 CET 2006


Jorgen Rosink <jrosink at gmail.com> wrote:
> Had a hard time to even start FreeRadius on my Debian Unstable system
> with a working PEAP module (yes, I'm aware of OpenSSL licences and
> eap_tls / eap_peap linking problems with Debian, _now_ ;-) ) I'm
> currently using the 20060202-snapshot. With this version (also tried
> 20060130, same behaviour) I'm able to create PEAP enabled Debian
> packages, after manually editing. the pcap section in the main
> Makefile.

  I'd suggest using 1.1.0, unless you're willing to work with an
unstable vesion of FreeRADIUS.

> The problem now is that I'm trying to authenticate a default WindowsXP
> SP2 supplicant (ipw2200 nic) with PEAP, mschapv2 and a HP ProCurve
> 520WL Access Point in 802.1x mode (latest firmware). Below my
> FreeRadius startup and a attempt to authenticate, could someone please
> point me in a direction what's going on, I've no clue what's wrong...

  The symptom that Windows stops talking to the RADIUS server usually
means that the server certificate doesn't contain the magic windows
OID's.  See the scripts/ directory for samples of how to create certs
with the right stuff.

  Alan DeKok.




More information about the Freeradius-Users mailing list