3com wx - peap-mschapv2 - freeradius - mysql

Stefan Winter stefan.winter at restena.lu
Fri Jun 16 14:01:47 CEST 2006 

Hi!

> It is incredible! I have just installed SecureW2 and all is ok now!
> Have you any idea why XP SP2 didn't work? For my user will be more
> comfortable use XP interface instead install and use SecureW2.

I guess that is because Windows XP requires the TLS Server Certificate 
Extension to be present in the certificate, while SecureW2 doesn't.
You can easily verify if your certificate is right for Win XP:

openssl x509 -in certfile.pem -text

The output must contain the following lines:

        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication

If this extension isn't present, things won't work with the built-in 
supplicant, then you need another certificate. SecureW2 is not as picky about 
that, so the cert is still fine for SecureW2 and EAP-TTLS.

Windows XP supplicant being more comfortable? Arguably. Personally, I find it 
one of the worst-ever designed User Interfaces. Almost no one gets the 
correct, secure configuration right on first attempt. 
You can generate an automated installer with SecureW2, where most of the 
settings for your users are preconfigured (a "Site Deployment"). This makes 
it almost as easy as a double-click to get things running.

> A second problema. I have activate accounting but in "radacct" (log file
> and mysql table) I can't see the IP address of the supplicant client. I see
> only the nas ip address.
> There are some parameter to secify to add this feature?

Well, the server can only log what the NAS (Access Point) sends to it. You 
will need to configure your Access Point to send the client's IP address. It 
depends on your model of Access Point how to do this, if it's at all 
possible. I don't have a 3Com Access Point, so I have no idea how to do it. 
It sure comes with a manual, though.

> thank you very much for your help.

I'll enjoy free wireless LAN if I ever come to Florence. That's enough of a a 
revenue :-)

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060616/91e5f454/attachment.pgp>

More information about the Freeradius-Users mailing list