MSCHAPv2 Authentication

Riccardo Veraldi Riccardo.Veraldi at cnaf.infn.it
Thu Mar 8 09:50:41 EST 2007



Well everythings looks fine...
YOU MUST use the Windows XP supplicant which provides PEAP support.
probably the Wireless card tool does not support 802.1x authentication
based on PEAP.
why you need to use it ?
You don't need to.
Often vendors provide application tools for their sold wireless devices
which has only very BASIC features like choosing SSID on a WEP or WPA-PSK
key and they often does not support advanced features like EAP-TLS or 
EAP-TTLS
or PEAP transport of hte authenticatino over 802.1x.
This is normal.
AS far as I know only Intel ships with WiFi apps which also supports 
802.1x facilities.
But you do not need it, you have Windows supplicant.
and yes you NEED SP2

Riccardo


Luca Merolla wrote:
> On Thu, 2007-03-08 at 15:02 +0100, Riccardo Veraldi wrote:
>   
>> I simply did not understand your problem.
>> Your university uses a protected wireless network based on WPA + PEAP
>> apparently...
>>     
>
> Yes exactly
>
>
>   
>> So you need credentials to join the network if you do not have them
>> you cannot join.
>>     
>
> I have my username and password and I can access from Windows but just
> with the Wireless Tools from Win XP SP2.
>
>   
>> but you have to be sure your campus uses 802.1x WPA and PEAP.
>>     
>
> How can I check it?
>
>   
>> Perhaps they are using EAP-TTLS instead of PEAP?
>> in this case you do not have the proper Windows supplicant and you
>> need to install something like
>> securew2 from Alfa Ariss.
>>     
>
> I have no problem from Windows if I use the normal Microsoft tool, but I
> have to uninstall the proprietary tool (for Win) provided by the
> wireless card cdrom.
> Every student have this kind of problem we are not able to use this kind
> of applications.
>
>   
>> But on Linux using atheros chipset card like Cisco a/b/g and
>> wpa_supplicant with a proper
>> wpa_supplicant.conf you should be able to be succesfull if you have
>> the credentials.
>>
>> On Linux Ubunto 6.10 there is full native support (firmware and
>> driver) for Atheros like chipset cards and also Intel 2200 BG cards
>> (the centrino ones), I tested it myself and they works using 802.1x
>> +WPA/WPA2+EAP-TTLS or PEAP
>>
>>
>> Riccardo
>>
>>
>> Luca Merolla wrote: 
>>     
>>> Hi everyone,
>>>
>>> I have a BIG problem with wireless and linux. In my college there is a 
>>> wireless network where you need username/password to access it but I'm 
>>> not able to do this...
>>> We have a Windows Guide that show how to configure it:
>>> - first you have to have windows xp SP2 (otherwise will not work... 
>>> it's seems that it's true)
>>> - the first step to connect is to try to connect with the "Wireless 
>>> Network Connection" tools from SP2 without changing any settings (so it 
>>> will download the certificate and it will fail to login)
>>> - after you have to change the settings in the access-point that you 
>>> were trying to connect in that way:
>>> - Network Authentication: WPA
>>> - Data Encryption: TKIP
>>> - EAP Type: Protected EAP (PEAP)
>>> - Uncheck "Validate Server Certificate"
>>> - Select Authentication Mode: Secured Password (EAP-MSCHAP v2)
>>> - Uncheck "Automatically use my Windows logon name and password (and 
>>> domain if any)
>>> - after these changes you try to connect again and a form will appear 
>>> where you have to enter (username, password, SSID)
>>>
>>> I have an Atheros based wireless card, and works like a charm in any 
>>> other wireless network that I have tryed.
>>>
>>> The strangest thing of that, is that nobody is able to connect in 
>>> Windows with the proprietary utility from every Wireless card, the only 
>>> way to connect is to follow the procedure with the Wireless Network 
>>> Connection Tool from Win XP SP2.
>>> So, my question is:
>>> is it possible to reproduce the step made by the Wireless Network 
>>> Connection Tool (especcially the first one to download this kind of 
>>> certificate) to connect with linux-wpa_supplicant, or should I give up?
>>>
>>> Thanks in advance,
>>> Luca Merolla
>>>
>>>   
>>>
>>> ____________________________________________________________________
>>>
>>> _______________________________________________
>>> HostAP mailing list
>>> HostAP at shmoo.com
>>> http://lists.shmoo.com/mailman/listinfo/hostap
>>>   
>>>       
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> HostAP mailing list
>> HostAP at shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>>     




More information about the HostAP mailing list