Freeradius 1.2.3 and Windows 7

Krzysztof Srokowski k.srokowski at gdansk.gda.pl
Wed Oct 20 08:37:20 CEST 2010 

> There is no version "1.2.3"

I`m sorry, I`m using pfSense release 1.2.3, with freeradius package 1.1.2_1 (latest)

Below I describe my configuration;

1. pfSense with freeradius 1.1.2_1
2. Access Point Linksys WRT54G
3. Clients Windows XP SP3 and Windows 7

My goal was to create WiFi access with WPA2 (AES) + EAP-PEAP(MSCHAPv2). For tests I generated server certificate from my own CA. Both certificates CA certificate, and server certificate was transferred to freeradius server and configured in eap.conf file in tls section. I made also other configurations to use peap protocol and mschapv2. 

The second step was the clients. My root CA certificate was installed to certificate repo in system. I checked all required options in connection properities like (use WPA2 with AES, PEAP, verify server certificate also with root CA certificate which was imported before). When I tried to connect from XP client everything is fine, client is authorized and connection works without problem. But from Windows 7 client its not. Same configuration, same settings, and I get error in radius.log:

----
" Tue Oct 19 13:01:06 2010 : Error: TLS Alert read:fatal:unknown CA
Tue Oct 19 13:01:06 2010 : Error:     TLS_accept:failed in SSLv3 read
client certificate A
Tue Oct 19 13:01:06 2010 : Error: rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Tue Oct 19 13:01:06 2010 : Error: rlm_eap_tls: SSL_read failed inside of TLS (-1), TLS session fails.
Tue Oct 19 13:01:06 2010 : Auth: Login incorrect:
[host/um4910142413/<no User-Password attribute>] (from client WRT54G port 35 cli 000e2e950bbd) "
----






-----Original Message-----
From: freeradius-users-bounces+k.srokowski=gdansk.gda.pl at lists.freeradius.org [mailto:freeradius-users-bounces+k.srokowski=gdansk.gda.pl at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, October 19, 2010 4:03 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius 1.2.3 and Windows 7

Krzysztof Srokowski wrote:
> Before I ask detailed question I have one simple. Can  Freeradius 1.2.3

  What's that?

  There is no version "1.2.3".

> cooperate successfully with Windows 7 ? I Mean in configuration
> WPA2-Enterprise (AES) + EAP-PEAP(MSCHAPv2) ? I cant get no information
> about it. Actually my configuration works fine with Windows XP, so after
> hours of fight with Windows 7 this must be my first question…

  The latest version is 2.1.10, and works fine with Windows 7.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list