freeradius with wpa/wpa2 and win xp home
Piotr Salwerowicz
piotr.salwerowicz at interia.pl
Wed Jul 2 14:14:57 CEST 2008
Hello,
I have a problem with freeradius 2.x with wpa/wpa2 and win xp home sp2.
I am trying to set up 802.1x + wpa/wpa2 on my ap linksys/dd-wrt. The supplicants
are windows xp home with sp2 with the wpa/wpa2 patch. On my access points I
set wpa/wpa2 enterprise/mix/radius and every time I get in the logs:
"Sending Access-Challenge of..." and it does not connect.
I set up my freeradius based on this site:
http://www.tldp.org/HOWTO/8021X-HOWTO/freeradius.html
but there is some problem; it doesn't work.
Thanks for any help.
These are my logs from freeradius:
Cleaning up request 2696 ID 0 with timestamp +51465
User-Name = "alan"
NAS-IP-Address = 10.0.0.7
Called-Station-Id = "0016b6c92839"
Calling-Station-Id = "0018f8368ad4"
NAS-Identifier = "0016b6c92839"
NAS-Port = 40
Framed-MTU = 1400
State = 0xe31b561ae01f4f79765637cf0502aac5
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0xc748764c47aff91a6202064c0d293641
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "alan", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 10.0.0.7 port 2061
EAP-Message = 0x010500061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe31b561ae71e4f79765637cf0502aac5
Finished request 2697.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2697 ID 0 with timestamp +51465
Ready to process requests.
and my conf radiusd.conf
(...)
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
snmp = no
$INCLUDE snmp.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
    $INCLUDE sql.conf
    $INCLUDE sql/mysql/counter.conf
}
instantiate {
    exec
    expr
    expiration
    logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
authorize {
    preprocess
    mschap
    suffix
    eap
    files
}
authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}
users :
alan User-Password == "alan"
eap.conf:
eap {
    default_eap_type = peap
    tls {
        certdir = ${confdir}/certs
        cadir = ${confdir}/certs
        private_key_password = whatever
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem
        CA_file = ${cadir}/ca.pem
        dh_file = ${certdir}/dh
        random_file = ${certdir}/random
    }
    peap {
        default_eap_type = mschapv2
        virtual_server = "inner-tunnel"
    }
    mschapv2 {
    }
}
cat modules/mschap |grep -v '#'
mschap {
    authtype = MS-CHAP
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    authtype = MS-CHAP
}
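Added example, not part of the original post: a small Python decoder for the EAP-Message values shown in the debug output above. It shows that both logged packets are 6-byte PEAP packets carrying no TLS data, consistent with the "Received EAP-TLS ACK message" line; the function and table names are illustrative, and the flag bits follow the EAP-TLS flags byte layout (RFC 5216).

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS",
             25: "PEAP", 26: "MS-CHAPv2"}
TLS_BASED = {13, 21, 25}  # methods that carry the RFC 5216 flags byte

# EAP-Message values copied from the debug output in the post.
LOG_VALUES = {"received": "0x020400061900", "sent": "0x010500061900"}


def decode_eap(hex_value):
    """Decode one EAP-Message attribute value as printed in the debug log."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
            "length": length,
            # A longer EAP packet is split over several EAP-Message attributes,
            # so a single attribute value may hold only part of it.
            "complete": length == len(raw)}
    if code in (1, 2) and len(raw) >= 5:
        eap_type = raw[4]
        info["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        if eap_type in TLS_BASED and len(raw) >= 6:
            flags = raw[5]
            info["length_included"] = bool(flags & 0x80)
            info["more_fragments"] = bool(flags & 0x40)
            info["start"] = bool(flags & 0x20)
            # Bytes after the flags byte (includes the 4-byte TLS length if L is set).
            info["tls_data_len"] = len(raw) - 6
            # A Response with L/M/S clear and no data is a fragment ACK.
            info["fragment_ack"] = (code == 2 and not flags & 0xE0
                                    and info["tls_data_len"] == 0)
    return info


if __name__ == "__main__":
    for direction, value in LOG_VALUES.items():
        print(direction, decode_eap(value))
```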