Wireless-802.11 vs. Ethernet and MSCHAP vs. EAP-TLS
Ivan Kalik
tnt at kalik.net
Tue Jun 16 23:41:47 CEST 2009
> I have a working, fresh FreeRADIUS 2.1.6 configuration with certificates for
> EAP-TLS in a wireless network - Access-Accept with a real AP and the eapol_test
> tool. An attempt to use this environment (except the NAS) for a wired network -
> the same client (MS Vista), server and certs - unfortunately doesn't work
> (logs below). Changing the authentication protocol to MSCHAP allows the
> client to authenticate. Can anybody explain this?
That Vista supplicant is broken:
...
> rad_recv: Access-Request packet from host 82.177.110.254 port 1031, id=10,
> length=132
> State = 0xa0f2d08ba418ddd73e9644301c3ef096
> NAS-Port-Type = Ethernet
> User-Name = "user"
> NAS-IP-Address = 192.168.167.10
> NAS-Port = 2
> Framed-MTU = 1000
> NAS-Port-Id = "Port 2"
> Calling-Station-Id = "00-21-70-88-3f-c1"
> Called-Station-Id = "00-30-4f-64-76-eb"
> Message-Authenticator = 0xfbc6c2b85d0058ca9db53c130e84189c
...
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
...
It stopped doing EAP for some reason. There is no EAP-Message in that last
packet.
Ivan Kalik
Kalik Informatika ISP
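
A log check for the symptom pointed out in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it parses `radiusd -X`-style debug output and flags Access-Requests that carry State but no EAP-Message. The sample log, its addresses and the function names are constructed, and treating State without EAP-Message as a stalled EAP exchange assumes the port is configured for 802.1X.

```python
import re

# Constructed sample in the style of `radiusd -X` output (all values made up).
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 192.0.2.10 port 1031, id=9, length=210
\tUser-Name = "user"
\tNAS-Port-Type = Ethernet
\tState = 0x00112233445566778899aabbccddeeff
\tEAP-Message = 0x0209000d0d00
\tMessage-Authenticator = 0x000102030405060708090a0b0c0d0e0f
[eap] EAP packet type response id 9 length 13
rad_recv: Access-Request packet from host 192.0.2.10 port 1031, id=10, length=132
\tUser-Name = "user"
\tNAS-Port-Type = Ethernet
\tState = 0x00112233445566778899aabbccddeeff
\tMessage-Authenticator = 0x000102030405060708090a0b0c0d0e0f
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
"""

HEADER = re.compile(r"rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
ATTR = re.compile(r"\s*([A-Za-z0-9-]+) = (.*)")

def parse_packets(text):
    """Group attribute lines under the rad_recv header that precedes them."""
    packets, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw)        # tolerate mail-quoted logs
        if re.fullmatch(r"length=\d+", line.strip()):
            continue                                 # header wrapped by a mailer
        m = HEADER.match(line)
        if m:
            current = {"code": m.group(1), "host": m.group(2),
                       "id": int(m.group(4)), "attrs": {}}
            packets.append(current)
            continue
        a = ATTR.match(line)
        if current is not None and a:
            current["attrs"][a.group(1)] = a.group(2).strip()
        elif line.strip():
            current = None   # module output or a reply: request attributes are over
    return packets

def stalled_eap_requests(packets):
    """Requests that continue a conversation (State) without an EAP-Message.
    Assumption: the NAS port does 802.1X, so every such request should carry EAP."""
    return [p for p in packets if p["code"] == "Access-Request"
            and "State" in p["attrs"] and "EAP-Message" not in p["attrs"]]

if __name__ == "__main__":
    for p in stalled_eap_requests(parse_packets(SAMPLE_DEBUG)):
        print(f"id={p['id']} from {p['host']}: State present, EAP-Message missing")
```
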