(RADIATOR) Anyone get EAP-PEAP on XP to work Radius?

Mike McCauley mikem at open.com.au
Sat Mar 8 16:44:45 CST 2003


Hi All,

According to my experiments, XP will never ask for certificate, login or 
password details for any EAP type for a wireless or 802.1x LAN connection 
_unless_ the 'Show icon in notification area when connected' option is 
enabled in XP.

Cheers.

On Sun, 9 Mar 2003 12:36 am, Bon sy wrote:
> Hi Christian, John, and Mike,
>
> 	I have a similar problem as John on getting the 802.1X client of
> XP to work with the radius via Cisco 350 AP -- except I am looking into
> EAP-TLS.
>
> 	I have the same setup on the 802.1x client side. I follow the
> document reference mentioned in eap_tls.cfg for the setup, but no luck. I
> talked to Mike and he emailed me the screen shot of the Cisco (340?) AP
> set up required to work with the EAP-TLS. I follow that and use the
> certificate Hugh mentioned not too long ago for the test. Still no luck.
>
> 	When I initially config the AP and check both EAP and Mac
> authentication in the "security tab" of the AP setup, I kept getting
> radius response on MAC authentication, and EAP authentication does not
> seem to happen. So, I thought it could be the certificate issue or the AP
> just ignores the EAP authentication because MAC authentication is also
> checked.
>
> 	Next what I do is to uncheck MAC authentication and leave only EAP
> authentication, and use the test certificate Hugh posted so that it
> eliminates the possibility of the problem that is due to certificate
> generation. With that, radius does not even get the request response. A
> minor side note, I did make sure to use the right certificate in the XP
> machine. So, if assuming the screen shot Mike sent me is complete, the
> only possible conclusion left is the XP side. But as of now, I could not
> find any document addressing similar problems. John's posting is as close
> to my problem as I can find.
>
> 	Anyone out there has any insights? Thanks in advance!
>
> Bon
>
> On Fri, 7 Mar 2003, Christian Wiedmann wrote:
> > Your settings sound fine.  I have PEAP authentication working with the
> > same setup on XP Home (SP1).  I don't think that it matters whether the
> > authenticate as computer or authenticate as guest boxes are checked
> > (except that obviously it's going to fail to authenticate if you don't
> > have them configured in Radiator).
> >
> > Are you sure you're getting a TLS tunnel?  The TLS tunnel isn't
> > established until the first identity exchange, which normally only
> > happens after you enter information in the login window.  If you actually
> > are getting to the TLS stage, Windows must have credentials from
> > somewhere - double check the MSCHAP-V2 settings to make sure it isn't
> > using your Windows login information.
> >
> > What AP are you using?  If it is a Linksys WRT51AB or similar, I've
> > discovered that the AP requires a State attribute to be in the Radius
> > replies.  I've modified my version of Radiator to add one.  I'm not sure
> > if there is a cfg- file way of doing this -- I actually modified the perl
> > code.
> >
> > 	-Christian
> >
> > On Fri, 7 Mar 2003, John McFadden wrote:
> > > Date: Fri, 07 Mar 2003 14:16:44 -0500
> > > From: John McFadden <dasjlm at uwo.ca>
> > > To: radiator at open.com.au
> > > Subject: (RADIATOR) Anyone get EAP-PEAP on XP to work Radius?
> > >
> > > I installed latest Service Pack on XP to get the built in 802.1x
> > > client but can't seem to get it to
> > > authenticate via Radius. It appears that I get a TLS tunnel but never
> > > get a logon popup on XP.
> > >
> > > I believe it is some kind of setup issue on XP not Radiator so I just
> > > would like to
> > > verify my XP setup before getting into Radiator.
> > >
> > > I started the Wireless Zero Config service.
> > >
> > > I clicked on the applicable connection and its property button.
> > >
> > > In the authentication tab (confirms the Wireless Zero Config installed
> > > and running.)
> > > -I clicked on Enable IEEE802.1x
> > > -I selected Protected EAP (PEAP)
> > > -I left off Authenticate as computer
> > > -I left off Authenticate as guest
> > >
> > >
> > > In the PEAP properties tab.
> > > -I left off validate server certificate - I assume not required for
> > > EAP-PEAP?  Is this my problem?
> > > -I selected EAP-MSCHAPV2 as authentication method.
> > >
> > > In the EAP-MSCHAPV2 properties I left off the use Windows userid,
> > > password and domain.
> > >
> > > Can someone comment confirm this setup should work?
> > >
> > >
> > >
> > > Thanks in advance.
> > >
> > > John McFadden
> > >
> > >
> > >
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
