Authentication issues with Win7 and WPA/WPA2 Enterprise

Gary Gatten Ggatten at waddell.com
Wed May 18 18:10:01 CEST 2011 

I would LOVE if W7 just worked!  People here are blaming FR and I'm trying to convince them it has nothing to do with it, but since the MSCHAP challenges / responses are hashed I can't PROVE it to them.

I have FR debugs of a working auth and a rejected auth.  I'd like to "unhash" the MSCHAP stuff to see in clear text what's getting sent back and forth so I can get a better idea of why the request is being rejected.

G


-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com at lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Wednesday, May 18, 2011 11:01 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: Authentication issues with Win7 and WPA/WPA2 Enterprise

On 18/05/11 16:50, Gary Gatten wrote:
> I can't comment on your problem right now, but be aware there seem to
> be MANY issues with Windows 7.  Our config works PERFECT with XP,
> Apple IOS, and other "basic" stuff.  When we started testing Windows
> 7 (WPA2 Enterprise) we ran into all kinds of weirdness.  And just
> when we think we have a working config and have a few users start
> testing it breaks.
>
> The web is littered with people having problems with Windows 7.  I'm
> convinced the W7 Supplicant is really broken.  In our environment FR
> doesn't even see the PEAP, just an MSCHAP, and that even fails!

We have no problems with Windows 7. It works just fine. There don't seem 
to be significant differences between it and Windows XP SP3 from our 
point of view.

>
> Anyway...  Maybe if someone knows of a tool to dehash/decrypt the
> MSCHAP stuff I could actually see what's different in the requests
> between a working auth and a rejected auth.  Right now we're grasping
> at straws and can't figure out why MS is essentially doing nothing
> about this...

Can you be more specific about what kind of "script" you want? I've got 
a bunch of python tools I use for testing here.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>

More information about the Freeradius-Users mailing list