Windows Vista doing PEAP

Alan DeKok aland at deployingradius.com
Wed Oct 4 18:14:25 CEST 2006


"King, Michael" <MKing at bridgew.edu> wrote:
> So we've been using FreeRADIUS talking to ActiveDirectory to
> authenticate our WinXP clients (Over 2000) for over a year now.
> Along comes Vista.  Of COURSE it doesn't work.  Microsoft changed
> something, and it broke a working config.  Arrg.

  Try: http://www.striker.ottawa.on.ca/~aland/vista.patch

  You'll have to re-build & re-install the EAP module (you don't need
to touch the rest of the server).  It won't help, but it will print
out a little more information.  We'll probably have to do a few cycles
before it's tracked down, though.

> My (amatuer) analyis,  (Aka my gut) is that Vista is Doing something in
> TLS, not PEAP.  (I don't see my mschap module fire).

  The TLS tunnel is set up, BUT vista is doing something slightly
different that confuses FreeRADIUS, so FreeRADIUS doesn't continue the
EAP conversation.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list