Foundry AP200 radio with client cert auth to win2003 AD using WPA2/PEAP

John Oberlander oberlander1 at yahoo.com
Wed Jun 18 09:01:51 EDT 2008


Hi,
Our company implemented a Foundry Networks wireless solution with 5 AP200s and a Foundry wireless roaming controller. When trying to auth, our AD says I'm still trying to use EAP instead of PEAP.  Below is my failed auth, and a good authenticated session.  Even though I'm using EAP=PEAP, the Windows RADIUS server still says I'm trying to use EAP.  Any help is appreciated.

User john*********r at green.****** was denied access.
 Fully-Qualified-User-Name = green.*******/*******/Users/US2/IT/John 
 NAS-IP-Address = *.*.*.*
 NAS-Identifier = <not present> 
 Called-Station-Identifier = 00-90-0B-0A-1A-A5:Green_WPA2_SSID
 Calling-Station-Identifier = 00-1F-3C-55-91-75
 Client-Friendly-Name = us2-s-wpan-1a
 Client-IP-Address = *.*.*.*
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 2050
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows 
 Authentication-Server = <undetermined> 
 Policy-Name = GreenWireless2
 Authentication-Type = EAP
 EAP-Type = <undetermined> 
 Reason-Code = 22
 Reason = The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server. 

Working authentication....

User **********@green.******** was granted access.
 Fully-Qualified-User-Name = green.******/******/Users/US2/IT/Craig
 NAS-IP-Address = *.*.*.*
 NAS-Identifier = <not present> 
 Client-Friendly-Name = us2-s-wpan-1a
 Client-IP-Address = *.*.*.*
 Calling-Station-Identifier = 00-90-4B-7F-90-5A
 NAS-Port-Type = Wireless - IEEE 802.11
 NAS-Port = 2049
 Proxy-Policy-Name = Use Windows authentication for all users
 Authentication-Provider = Windows 
 Authentication-Server = <undetermined> 
 Policy-Name = GreenWireless2
 Authentication-Type = PEAP
 EAP-Type = Smart Card or other certificate


hardware info...

c:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)
        Subsystem: Intel Corporation Unknown device 1020
        Flags: bus master, fast devsel, latency 0, IRQ 218
        Memory at f9fff000 (32-bit, non-prefetchable) [size=4K]
        Capabilities: [c8] Power Management version 2
        Capabilities: [d0] Message Signalled Interrupts: Mask- 64bit+ Queue=0/0 Enable+
        Capabilities: [e0] Express Legacy Endpoint IRQ 0

Kernel...

ubuntu 8.04 2.6.24-18-generic

wpa supplicant.conf........

ctrl_interface=/var/run/wpa_supplicant

network={
        ssid="Green_SSID"
        scan_ssid=1
        key_mgmt=WPA-EAP
        proto=WPA2
        eap=PEAP
        pairwise=CCMP
        group=CCMP
#       phase1="peapver=0 peaplabel=1"
        phase2="auth=MSCHAPV2"
        identity="john********@green.*******"
        ca_cert="/etc/cert/********.pem"
        private_key="/etc/cert/********.pem"
        private_key_passwd="**********"
}


Thanks,
John
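
A helper for comparing the denied and granted IAS events quoted in the message, added here as an example and not part of the original post. The two sample records are abridged, constructed copies with placeholder user names, and the function names are hypothetical.

```python
import re

# Constructed, abridged copies of the two IAS events (placeholder user names).
DENIED = """\
User john@green.example was denied access.
 Fully-Qualified-User-Name = green.example/Users/US2/IT/John
 Calling-Station-Identifier = 00-1F-3C-55-91-75
 NAS-Port = 2050
 Policy-Name = GreenWireless2
 Authentication-Type = EAP
 EAP-Type = <undetermined>
 Reason-Code = 22
"""
GRANTED = """\
User craig@green.example was granted access.
 Fully-Qualified-User-Name = green.example/Users/US2/IT/Craig
 Calling-Station-Identifier = 00-90-4B-7F-90-5A
 NAS-Port = 2049
 Policy-Name = GreenWireless2
 Authentication-Type = PEAP
 EAP-Type = Smart Card or other certificate
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z-]*)\s*=\s*(.*?)\s*$")
# Attributes that differ between any two sessions and say nothing about policy.
PER_SESSION = {"Fully-Qualified-User-Name", "Calling-Station-Identifier", "NAS-Port"}

def parse_event(text):
    """Return the 'Name = value' attributes of one IAS event as a dict."""
    event = {}
    for line in text.splitlines():
        m = FIELD.match(line)  # the leading "User ... access." line has no '='
        if m:
            event[m.group(1)] = m.group(2)
    return event

def diff_events(bad, good, ignore=PER_SESSION):
    """Map each differing attribute to (denied value, granted value)."""
    keys = (set(bad) | set(good)) - set(ignore)
    return {k: (bad.get(k), good.get(k))
            for k in sorted(keys) if bad.get(k) != good.get(k)}

if __name__ == "__main__":
    for name, (b, g) in diff_events(parse_event(DENIED), parse_event(GRANTED)).items():
        print(f"{name}: denied={b!r} granted={g!r}")
```

An attribute present in only one record, such as Reason-Code, is reported with `None` on the other side.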




      