intel Proset/wireless -> OK // windows zero config wireless -> KO

Norman Goh normangoh at exemail.com.au
Mon Sep 7 14:59:49 CEST 2009


Hi Bernard,

 

Based upon the provided information I would believe that this would be a
driver problem, but without knowing what you have tried, your actual Intel
Hardware and a proper wireless capture this is the best I can offer. To me
if the Intel and Thinkpad wireless apps work with your current setup and is
stable then the problem does not appear to be with Radius at all.

 

If you are using XP with Service Pack 2 then you need the following two
patches for WPA2 comms.

 

WindowsXP-KB893357-v2-x86-ENU.exe

WindowsXP-KB917021-v3-x86-ENU.exe

 

These two provide extra code for the WPA2 Enterprise authentication methods
you are using so that the Windows Zero config wireless can work properly.
Service Pack 3 for XP is supposed to have these two patches but I would add
them in anyway.

 

For Linux, again this is a driver/module issue and you need to ensure that
you have a couple of things running first before you attempt to connect to
the AP, modules such as the wpa_supplicant and wpa_supplicant-gui (if you
are using a desktop interface) are necessary, and the ieee80211 module if it
is required. It also depends on your Intel Hardware and Firmware code that
you have installed. I am assuming that you have Intel chipsets here and not
Atheros chipsets, there is a big difference.

 

This website will point you in the right direction even though the
information maybe out of date by a couple of years, it may highlight a bug
in your configuration files especially in linux.

 

http://ipw2100.sourceforge.net/index.php

 

You may already have tried the following suggestion – work your way up from
the lowest security wireless comms to the highest, (Ad-Hoc with no key, WEP,
WPA-PSK, WPA-TKIP, WPA2-PSK, WPA2-TKIP, WPA2-EAP\TLS) to try an pin point
the issue and confirm that the wireless works, at least for the less secure
comms.

 

The XP Sp2 without the patches will work up until WPA-PSK but due to the
cryptography changes in WPA2 it won’t work without the patches. The Intel
Proset and Thinkvantage tools would already have this extra code written in.

 

If you are running a FAT Cisco AP and not the LWAP version, you can
configure multiple profiles on the same gear so you can try the above
without messing up your working wireless comms. Else you have to do the
profiles in the WLAN controller software.

 

Cheers

 

Norman

 

 

 

 

  _____  

From: freeradius-users-bounces+normangoh=exemail.com.au at lists.freeradius.org
[mailto:freeradius-users-bounces+normangoh=exemail.com.au at lists.freeradius.o
rg] On Behalf Of Jaulin Bernard
Sent: Monday, 7 September 2009 1:48 AM
To: freeradius-users at lists.freeradius.org
Subject: intel Proset/wireless -> OK // windows zero config wireless -> KO

 

Hi all,

After many weeks with no results, It’s time to find  help !

Debian : 5.0

Freeradius : 3.0.4 (with openssl)

Samba : 3.2.5

AD : Windows 2008

PEAP & MSCHAPV2 

CISCO AP

Here is the problem.

We use  MSCHAP V2  with PEAP for Windows and Linux Client, the problem is so
strange. On HP laptops with Intel Proset wireless or IBM Thinpad with
Thinkvantage tools the connection was successful. 

The same laptop with Windows zero config wireless client or Linux (Fedora,
Debian) impossible !

No error on log debug, just an authentication silently failed.

Yes certificates have Windows OID client/server (xpestensions)

Any ideas ?

Thanks in advance for your answers


Bernard.

PS : No, I don’t want to use  MS Radius !!

____________________

Bernard Jaulin - ilem S.A.

Administration systèmes

* +41 (0)79 593 22 46

Route de la Galaise, 32

1228 Plan-Les-Ouates

 <http://www.ilem.ch/> http://www.ilem.ch/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090907/d1c0df61/attachment.html>


More information about the Freeradius-Users mailing list