Authentication failure - PEAP - MS-CHAPv2
Matthieu Lazaro
matthieu.lazaro at eservglobal.com
Thu Jun 11 09:50:56 CEST 2009
kissg wrote:
>
>
> It really is an AP issue. Using another AP (SMC WEBT-G) with the same
> Radius config works... Both Windows XP and Ubuntu connect
> successfully, no matter if I set certificate validation on or off...
> Anyway, there are two EAP settings which are supported by the Cisco AP:
> Open mode with EAP, and something called "Network mode". I'm going to
> try setting the latter one, maybe it helps. If not, a firmware update
> will be needed (I think).
>
> Thanks for all your comments!
>
> Regards
> Gergely Kiss
>
>
Hello,
I know how to configure those Cisco AP 1131 AG and it's working for me.
As it is too long and heavy to put some screenshots of the web
interface, here are parts of the configuration you should have:
aaa new-model
!
!
aaa group server radius rad_eap
 server <IP@ of freeradius> auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server <IP@ of freeradius> auth-port 1812 acct-port 1813
!
aaa group server radius rad_admin
 server <IP@ of freeradius> auth-port 1812 acct-port 1813
!
aaa group server radius rad_eap1
 server <IP@ of freeradius> auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
.......................
dot11 ssid <ssID Name>
 authentication open eap eap_methods1
 authentication key-management wpa version 2
 guest-mode
 information-element ssidl wps
!
dot11 holdoff-time 60
dot11 aaa csid ietf
dot11 aaa dot1x compliance draft10
dot11 network-map
power inline negotiation prestandard source
eap profile < Profile Name>
 method mschapv2
!
..............................
radius-server local
 nas <ip @ of radius server> key secret
!
radius-server attribute 32 include-in-access-req format %h
radius-server host <IP@> auth-port 1812 acct-port 1813 key secret
radius-server vsa send accounting
bridge 1 route ip
!
................................
I hope it helps a little.
Best Regards,
Matt