HP M200 certificate authentication fails

Alan DeKok aland at deployingradius.com
Fri Jul 25 20:35:17 CEST 2014

Gordon Cook wrote:
> I then installed the certificates on all our windows laptops.  I am using laptop1 for testing
> Originally I had a CISCO AP connected to the radius server and everything works. (wireless_ap1)

  Then all of the things involved are proven to work.

> We needed to upgrade our wireless and purchased an HP AP. (wireless_ap2)
> So 
> Laptop1 <---------> wireless_ap1 <-----------> radius1     this works using the above certificates
> Laptop1 <---------> wireless_ap2 <-----------> radius1     this does not work using the above certificates
> Laptop1 <---------> wireless_ap2 <-----------> radius1     using EAP-TLS and PAP works.

  Then the problem is the HP AP.  You've already proven that FreeRADIUS
works.  When you change ONLY the AP, and EAP doesn't work... blame the AP.

> This is where I am confused.  If it is the supplicant why would it work with wireless_ap1 and not wireless_ap2 using the same settings and credentials.  This is what leads me to believe that the HP is doing something different with the packets than the the CISCO is and there is a setting in one of the config files on the radius server that needs to set or adjusted to handle the difference.

  That is entirely the wrong approach.  "Changing something" is pretty
much magical thinking.

  Instead, find the *cause* of the problem, and fix *that*.  There is no
magical setting in FreeRADIUS saying "work with HP".  The default
configuration should work with every standards-compliant RADIUS client.

> I am currently running the eaphost trace again to see if there is something I missed.

  Stop blaming FreeRADIUS.  Throw the HP AP in the garbage, and buy an
AP that works.

  Alan DeKok.

More information about the Freeradius-Users mailing list