Win XP with 802.1x PEAP (EAP-MSCHAP V2)

Marc Charbonneau MCharbonneau at ottawaheart.ca
Wed Apr 25 21:05:35 CEST 2007


Ok, that's what I thought (about the root Certificate not being pleasing
to XP).
 
FYI:   I'm using a version of Linux by Novell called SLES (SUSE Linux
Enterprise Server) version 9 Service Pack 3 and the FreeRADIUS is from
Novell's Web site (freeradius-1.0.2-0.i586.rpm,
freeradius-devel-1.0.2-0.i586.rpm).
 
I've done my Certificate work by using SLES' YaST, "Security and
Users", "CA Management".  I simply exported the root cert using this CA
Management GUI.  This worked great with Cisco's ADU configuration tool.
 
If someone could give me the quickest and easiest way to creating a
root certificate that's works with Windows XP, that would be great.
 
I have another CA running on a Windows 2003 server, can I make use of
this CA somehow?
 
Thanks for any help.
Marc

>>> A.L.M.Buxey at lboro.ac.uk 4/25/2007 1:33:00 PM >>>

hi,

rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select

okay. so thats the main issue. were your certificates generated with
the XP extensions? how have you configured the native supplicant?
it doesnt need much configuring.... just disable fast-connect, disable
user guest account, use machine auth (if you're not doing machine)
and click the MSCHPv2 stuff and deselect the 'use windows
username/password'
if you cannot use those. then its up to you to ensure the cert is in
the
store and you verify or dont verify your radius cert. 

alan
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070425/eb7e2bcf/attachment.html>


More information about the Freeradius-Users mailing list