howto EAP-TLS on freeradius 2.0.2-3 ??

Joel MBA OYONE mba_oyone at yahoo.fr
Wed May 7 14:39:33 CEST 2008


Ok,

I think I really missed something! That config should take less than 15 minutes, but I haven't been able to solve my problem for more than a week.

Alan or Ivan, could you give me half an hour to help me fix my RADIUS EAP-TLS config, please? I would like to give you full access to my network and my terminal too, so the diagnosis should be very, very easy for you!
Is it possible?

 
MBA OYONE Joël
Lot. El Firdaous
Bât GH20, Porte A 204, Appt 8
20000 Oulfa
Casablanca - Maroc
 
Tel.: +212 69 25 85 70


----- Original message ----
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Monday, 5 May 2008, 17:18:10
Subject: Re: Re : howto EAP-TLS on freeradius 2.0.2-3 ??

Joel MBA OYONE wrote:
...
> The VLAN attributes defined in RFC3580 are as follows:
> •   Tunnel-Type=VLAN (13)
> •   Tunnel-Medium-Type=802
> •   Tunnel-Private-Group-ID=VLANID
> 
> NOTE: The FreeRADIUS dictionary maps the 802 string value to the integer 6, which
>         is why client entries use 6 for the Tunnel-Medium-Type value.

  No.  For Tunnel-Medium-Type, "802" is a *name*, not a *number*.    See
Section 3.2 of RFC 2868:

...
   Value
      The Value field is three octets and contains one of the values
      listed under "Address Family Numbers" in [14].  For the sake of
      convenience, a relevant excerpt of this list is reproduced below.

   1      IPv4 (IP version 4)
   2      IPv6 (IP version 6)
   3      NSAP
   4      HDLC (8-bit multidrop)
   5      BBN 1822
   6      802 (includes all 802 media plus Ethernet "canonical format")
...

  FreeRADIUS gets it *right*.  Many NAS vendors get it *wrong*.

> To create a user and assign the user to a particular VLAN by using FreeRADIUS, open the
> etc/raddb/users file, which contains the user account information, and add for the new user.
> The following example shows the entry for a user in the users file. The username is
> “johndoe,” the password is “test1234.” The user is assigned to VLAN 77.
> 
> johndoe Auth-Type := EAP, User-Password == "test1234"
>           Tunnel-Type = 13,
>           Tunnel-Medium-Type = 6,

  Or:  Tunnel-Medium-Type = IEEE-802
....
> 
> In both cases, it stays on "IDENTITY VALIDATION" in XP wireless management, and sometimes I receive the right IP address in the right IP pool, but lose it immediately, maybe because of the repeating cycle of the authentication sequence.
> AND, the client certificate, signed by the Server (not the CA root), is still with the same message.
> 
> 
> Hope it would be helpful!!

  Arg.  Microsoft keeps putting magic nonsense into their OS's to make
it difficult to use non-Microsoft RADIUS servers.

  And yes, this *is* a problem even inside of Microsoft!  So if you're
finding it a PITA to get it working, rest assured that Microsoft does, too.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
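
The wire encoding behind the Tunnel-Medium-Type exchange above, as an added example that is not part of the original thread or of FreeRADIUS. It packs and parses the three RFC 3580 VLAN attributes in the RFC 2868 layout, showing that the name IEEE-802 becomes the number 6 on the wire; the function names and the medium-type labels other than IEEE-802 are assumptions made for illustration.

```python
# Added example: RFC 2868 wire format for the three RFC 3580 VLAN attributes.
# Function names and the medium-type labels other than IEEE-802 are illustrative.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN = 13  # Tunnel-Type value for VLAN (RFC 3580)
# Address-family numbers from the RFC 2868 excerpt quoted in the thread.
MEDIUM_TYPES = {"IPv4": 1, "IPv6": 2, "NSAP": 3, "HDLC": 4,
                "BBN-1822": 5, "IEEE-802": 6}

def encode_enum(attr_type, value, tag=0):
    """Tunnel-Type / Tunnel-Medium-Type: Type, Length=6, Tag, 3-octet Value."""
    if not 0 <= value <= 0xFFFFFF or not 0 <= tag <= 0x1F:
        raise ValueError("value or tag out of range")
    return bytes([attr_type, 6, tag]) + value.to_bytes(3, "big")

def encode_group_id(vlan_id, tag=0):
    """Tunnel-Private-Group-ID: Type, Length, optional Tag, String."""
    body = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)]) + body

def vlan_attributes(vlan_id, medium="IEEE-802", tag=0):
    """Build the attribute bytes a server would return for one VLAN."""
    if medium not in MEDIUM_TYPES:
        raise ValueError(f"unknown medium type name: {medium!r}")
    return (encode_enum(TUNNEL_TYPE, VLAN, tag)
            + encode_enum(TUNNEL_MEDIUM_TYPE, MEDIUM_TYPES[medium], tag)
            + encode_group_id(vlan_id, tag))

def decode(buf):
    """Parse the three tunnel attributes back out; other types are skipped."""
    out, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("truncated or malformed attribute")
        attr_type, body = buf[i], buf[i + 2:i + buf[i + 1]]
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(body) != 4:
                raise ValueError("tunnel enum attribute must have Length 6")
            out[attr_type] = int.from_bytes(body[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            # A first octet <= 0x1F is a Tag; anything larger starts the String.
            text = body[1:] if body and body[0] <= 0x1F else body
            out[attr_type] = text.decode("ascii")
        i += buf[i + 1]
    return out

if __name__ == "__main__":
    wire = vlan_attributes(77)  # VLAN 77, as in the quoted users-file entry
    print(wire.hex(), decode(wire))
```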
