Foundry AP200 radio with client cert auth to win2003 AD using WPA2/PEAP

John Oberlander oberlander1
Wed Jun 18 06:01:51 PDT 2008 

Hi,
Our company implemented a foundry networks wireless solution with 5 ap200's and foundry wireless roaming controller. When trying to auth, our ad says Im still trying to use eap instead of peap.? Below is my failed auth, and a good authenticated session.? Even though im using EAP=PEAP, the windows radius server still says im trying to use EAP.? Any help is appreciated.

User john*********r at green.****** was denied access.
?Fully-Qualified-User-Name = green.*******/*******/Users/US2/IT/John 
?NAS-IP-Address = *.*.*.*
?NAS-Identifier = <not present> 
?Called-Station-Identifier = 00-90-0B-0A-1A-A5:Green_WPA2_SSID
?Calling-Station-Identifier = 00-1F-3C-55-91-75
?Client-Friendly-Name = us2-s-wpan-1a
?Client-IP-Address = *.*.*.*
?NAS-Port-Type = Wireless - IEEE 802.11
?NAS-Port = 2050
?Proxy-Policy-Name = Use Windows authentication for all users
?Authentication-Provider = Windows 
?Authentication-Server = <undetermined> 
?Policy-Name = GreenWireless2
?Authentication-Type = EAP
?EAP-Type = <undetermined> 
?Reason-Code = 22
?Reason = The client could not be authenticated? because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server. 

Working authentication....

User **********@green.******** was granted access.
?Fully-Qualified-User-Name = green.******/******/Users/US2/IT/Craig
?NAS-IP-Address = *.*.*.*
?NAS-Identifier = <not present> 
?Client-Friendly-Name = us2-s-wpan-1a
?Client-IP-Address = *.*.*.*
?Calling-Station-Identifier = 00-90-4B-7F-90-5A
?NAS-Port-Type = Wireless - IEEE 802.11
?NAS-Port = 2049
?Proxy-Policy-Name = Use Windows authentication for all users
?Authentication-Provider = Windows 
?Authentication-Server = <undetermined> 
?Policy-Name = GreenWireless2
?Authentication-Type = PEAP
?EAP-Type = Smart Card or other certificate


hardware info...

c:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)
??????? Subsystem: Intel Corporation Unknown device 1020
??????? Flags: bus master, fast devsel, latency 0, IRQ 218
??????? Memory at f9fff000 (32-bit, non-prefetchable) [size=4K]
??????? Capabilities: [c8] Power Management version 2
??????? Capabilities: [d0] Message Signalled Interrupts: Mask- 64bit+ Queue=0/0 Enable+
??????? Capabilities: [e0] Express Legacy Endpoint IRQ 0

Kernel...

ubuntu 8.04 2.6.24-18-generic

wpa supplicant.conf........

ctrl_interface=/var/run/wpa_supplicant

network={
??????? ssid="Green_SSID"
??????? scan_ssid=1
??????? key_mgmt=WPA-EAP
??????? proto=WPA2
??????? eap=PEAP
??????? pairwise=CCMP
??????? group=CCMP
#?????? phase1="peapver=0 peaplabel=1"
??????? phase2="auth=MSCHAPV2"
??????? identity="john********@green.*******"
??????? ca_cert="/etc/cert/********.pem"
??????? private_key="/etc/cert/********.pem"
??????? private_key_passwd="**********"
}


Thanks,
John




      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080618/1c20b6e9/attachment-0001.htm

More information about the Hostap mailing list