(RADIATOR) Anyone get EAP-PEAP on XP to work Radius?

Hugh Irvine hugh at open.com.au
Fri Mar 7 17:09:17 CST 2003 

Hello Christian -

Thanks for posting this.

And yes there is a simple way to add reply attributes in the 
configuration file:

	<AuthBy ...>
		....
		AddToReply State = .....
	</AuthBy>

regards

Hugh


On Saturday, Mar 8, 2003, at 08:03 Australia/Melbourne, Christian 
Wiedmann wrote:

> Your settings sound fine.  I have PEAP authentication working with the 
> same
> setup on XP Home (SP1).  I don't think that it matters whether the 
> authenticate
> as computer or authenticate as guest boxes are checked (except that 
> obviously
> it's going to fail to authenticate if you don't have them configured in
> Radiator).
>
> Are you sure you're getting a TLS tunnel?  The TLS tunnel isn't 
> established
> until the first identity exchange, which normally only happens after 
> you enter
> information in the login window.  If you actually are getting to the 
> TLS stage,
> Windows must have credentials from somewhere - double check the 
> MSCHAP-V2
> settings to make sure it isn't using your Windows login information.
>
> What AP are you using?  If it is a Linksys WRT51AB or similar, I've 
> discovered
> that the AP requires a State attribute to be in the Radius replies.  
> I've
> modified my version of Radiator to add one.  I'm not sure if there is 
> a cfg-
> file way of doing this -- I actually modified the perl code.
>
> 	-Christian
>
> On Fri, 7 Mar 2003, John McFadden wrote:
>
>> Date: Fri, 07 Mar 2003 14:16:44 -0500
>> From: John McFadden <dasjlm at uwo.ca>
>> To: radiator at open.com.au
>> Subject: (RADIATOR) Anyone get EAP-PEAP on XP to work Radius?
>>
>> I installed lastest Service Pack on XP to get the built in 802.1x 
>> client
>> but can't seem to get it to
>> authenticate via Radius. It appears that I get a TLS tunnel but never
>> get a logon popup on XP.
>>
>> I believe it is some kind of setup issue on XP not Radiator so I just
>> would like to
>> verify my XP setup before getting into Radiator.
>>
>> I started the Wireless Zero Config service.
>>
>> I clicked on the applicable connection and it's  property button.
>>
>> In the authentication tab (confirms the Wireless Zero Config installed
>> and running.)
>> -I clicked on Enable IEEE802.1x
>> -I selected Protected EAP (PEAP)
>> -I left off Authenticate as computer
>> -I left off Authenticate as guest
>>
>>
>> In the peap properties tabe.
>> -I left off validate server certficate - I assume not required for
>> EAP-PEAP?  Is this my problem?
>> -I selected EAP-MSCHAPV2 as authentication method.
>>
>> In the EAP-MSCHAPV2 properities I left off the use Windows userid,
>> password and domain.
>>
>> Can someone comment confirm this setup should work?
>>
>>
>>
>> Thanks in advance.
>>
>> John McFadden
>>
>>
>>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list