(RADIATOR) XP Service Pack 2 and Cisco Wireless AP using WPA with RADIUS against Radiator

Kawakubo, Ken kkawakub at fhcrc.org
Wed Dec 21 13:21:06 CST 2005


Hi Hugh,

We have been running Cisco AP1100 + Radiator (LSA/AD) in WPA migration
mode (accept both tkip and dynamic wep) for the last 2 months. What you
are experiencing seems to me is a client issue. That is even if XPSP2
shows that WPA/TKIP is available, that does not mean that the client
firmware/driver actually support WPA/TKIP. We have come across some NICs
which do not associate at WPA but at dynamic WEP. We have found a NIC
(Ralink tech RT2560 chipset) which does not like WPA migration mode and
refuse to associate in either WPA or dynamic WEP. The first thing I
would do is to see if firmware/driver updates for the wireless NIC is
available.

Regards,

Ken Kawakubo

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Tuesday, December 20, 2005 10:11 PM
To: radiator at open.com.au List
Subject: (RADIATOR) XP Service Pack 2 and Cisco Wireless AP using WPA
with RADIUS against Radiator



Hello Everyone -

I have just spent an extremely frustrating day trying to get the  
above combination working correctly - unfortunately without success.

I'm hoping that someone on the list will be able to provide me with  
the magic formula.

Radiator is configured to handle PEAP against AD using LSA (using  
goodies/lsa_eap_peap.cfg) and is correctly returning an Access- 
Accept, however the Cisco AP and the XP laptop (HP/Compaq) don't  
start a connection and the whole RADIUS authentication starts again -  
with the same result - Radiator returns Access-Accept and around we  
go again.

The AP is configured to use WPA, as is the XP client.

Radiator is 3.13 with the latest patches running on a Windows server,  
Perl is the latest 5.8.7 from ActiveState.

Any tips and/or pointers gratefully accepted.

  many thanks

Hugh



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list