Authentication issues with Win7 and WPA/WPA2 Enterprise

Simon L. fantasnews at ki.tng.de
Wed May 18 17:26:43 CEST 2011


Dear Users,

I hope you will be patient with me, it's my first time with freeradius.

I have problems authenticating Windows 7 clients with freeradius.

Using WPA2-Enterprise results in Access-Rejects after one Request.
Using WPA-Enterprise results in about nine different Access-Challenges
and one final Access-Accept - that can't be right.

I have set up a testing scenario with the local test user bob. If local
authentication works properly I want to proxy all requests without EAP
to another freeradius server. I will have questions about that later :)

radtest from localhost and remote host succeeded.

Setting:

Win7_Client <-----WLAN-----> WAP LinksysWRT54gl <------MPLS-Network over PPPoE-----------> FreeRADIUS_proxy (<----------------------------> FreeRADIUS_main)
Windows 7                    dd-wrt v24 SP2                                                Ubuntu Server 10.4.2, freeradius 2.1.10 generic
                             10.73.108.254                                                 internal: 10.0.73.1  external: 213.x.x.x

I don't have a clue whether the problem is Windows, certificates, network or
simply a misconfigured freeradius.

certificates:
- I built the certs with and without that Windows extension OID in
server.cnf with make from ../raddb/certs
- 2048 bit

Windows 7:
- installed ca.der as root cert in Win7 and configured it for the
desired WiFi network
- to my eyes, no difference in debug logs whether validating the server cert or not.
- unchecked using Windows user or domain for auth
- EAP comes with PEAP/MSCHAPv2 as default - but the certs are for EAP-TLS,
right?

WAP:
- WPA2 Enterprise with AES no accept packet possible until now
- WPA Enterprise with AES results in that 9-times Challenges until accept

freeRADIUS:
- compiled with installed openSSL dev lib
- default config as it comes out of the box, except: added user bob with
cleartext password in users, added the WAP as client in clients.conf,
changed default_eap_type = "peap" and private_key_password =
"MYSECRET_FROM_SERVER_CERT" in eap.conf

For configuration and stuff, please look at the attached debug.log from running
radiusd -X.
debug.log contains the output of radiusd -X with Access-Requests over
WPA-Enterprise.

I hope you have a hint for me.
Thanks !


Simon






-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110518/e8703749/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radtest.log
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110518/e8703749/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: users
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110518/e8703749/attachment-0002.ksh>

