Win XP with 802.1x PEAP (EAP-MSCHAP V2)
Reimer Karlsen-Masur, DFN-CERT
karlsen-masur at dfn-cert.de
Fri Apr 27 10:03:52 CEST 2007
Hi Marc,
are you aware of
"PEAP authentication is not successful when you connect to a third-party
RADIUS server"
http://support.microsoft.com/kb/885453
Maybe it is somehow related?
Other updates I installed on XP SP2 for WLAN 802.1x and PEAP/EAP-TLS are
Hotfix 917021 (Wireless Client Update)
http://support.microsoft.com/kb/917021
Hotfix 893357 (WPA2 Update)
http://support.microsoft.com/kb/893357
Marc Charbonneau wrote:
>
> Ok, I minted the Certificates/Keys with a CA running on a Windows 2003
> server and was able to get them into the PEM format. The EAP.CONF was
> modified accordingly and RADIUSD is happy. I am still able to
> authenticate with no problems with 802.1x PEAP (EAP-MSCHAP V2) when
> using Cisco's ADU configuration tool. Still have problems when using
> the Windows XP supplicant.
>
> In trying to authenticate with the Windows XP supplicant, I can see from
> the logs that it's changing the password's 1st character to an "a". If
> you look at the log data below, you'll see that the user account
> "UOHI-40615" being used to authenticate is failing because the password
> sent is "aassword2" instead of "password2".
Are you typing your username/password on demand or has XP earlier stored it
magically and is reusing this?
If the latter, have you once typed the wrong password and XP is remembering
the wrong password?
> Does anyone know how to fix this problem?
> I'm so close, please help me find the needle in the haystack.
--
Beste Gruesse / Kind Regards
Reimer Karlsen-Masur
DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5853 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070427/f7c45642/attachment.bin>
More information about the Freeradius-Users
mailing list