<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2>Hi,</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>I am trying to make
PEAP work with Radiator 4.2. Strangely, in my setup, PEAP work fine with WZC but
it's not working with my Intel client on my laptop and with a 7921 Cisco IP
phone.</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>Here is the results
of my testing so far.</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>1. WZC using my
laptop and my Intel wireless card works great with EAP-TTLS and
PEAP.</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>2. My Intel client
(I upgrade the driver of the card and the client this week) works only in
EAP-TTLS mode (not PEAP).</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>3. A Cisco wireless
IP Phone 7921 that I am trying to authenticate to the wireless network in
PEAP fail.</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>In fact in PEAP,
both the Intel client and the 7921 succeed to authenticate. Radiator sends the
Access-Accept with the keys, but the client (7921 or the Intel client) cannot
obtain an Ip address from the DHCP server. I have tried to set a static
IP on the wireless card of my laptop and try to ping the default gatway of
the wireless network with no success.</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>It's like if all the
authentication process succeed but the encryption key transmitted
does not match between the AP and the client. </FONT> </SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>I also have to add
that I have tried on wireless network from 2 different vendors (Colubris and
Cisco) with the same result.</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2>Thanks!</FONT></SPAN></DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2>#radius_cta.cfg</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2><Handler
TunnelledByPEAP=1><BR> WtmpFileName
%L/wtmp<BR> AcctLogFileName
%L/accounting</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2> <AuthBy
FILE><BR>
Filename
/etc/radiator/ctabrp/usersdb<BR>
EAPType MSCHAP-V2<BR>
</AuthBy></FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>AuthLog
Defaut</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></Handler></FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=180485419-29042008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV> </DIV><SPAN class=180485419-29042008><FONT face=Arial size=2>
<DIV><BR>#SSID - WLAN_CISCO_TEST<BR>#
===---------------------------------------------<BR><Handler
Called-Station-Id = /.*CTA_Sans_fil/
><BR> WtmpFileName
%L/wtmp<BR> AcctLogFileName
%L/accounting<BR> <AuthBy
FILE><BR>
Filename
/etc/radiator/eaptest/eapanonymoususer<BR>
#type de EAP
supporte<BR>
EAPType TTLS,
PEAP<BR>
#l'emplacemenet du certificat
CA<BR>
EAPTLS_CAFile
/etc/radiator/SelfCert/radius_testCA.sti.usherbrooke.ca.pem<BR>
#l'emplacement du certificat du
serveur<BR>
EAPTLS_CertificateFile
/etc/radiator/SelfCert/cas2.sti.usherbrooke.ca.pem<BR>
EAPTLS_CertificateType
PEM<BR>
#l'emplacement du fichier de cle privee du
serveur<BR>
EAPTLS_PrivateKeyFile
/etc/radiator/SelfCert/cas2.sti.usherbrooke.ca.key<BR>
EAPTLS_PrivateKeyPassword
radiusCA<BR>
EAPTLS_MaxFragmentSize
1000<BR>
EAPAnonymous
%0<BR>
AutoMPPEKeys<BR>
SSLeayTrace 4<BR>
</AuthBy><BR> AuthLog
Defaut<BR></Handler><BR></DIV>
<DIV>#<BR>## CTA LDAP Users<BR>#<BR><Handler
User-Name=/^[a-zA-Z]{4}[0-9]{4}$/,NAS-Identifier =
"P1-1012-WL4402A"><BR> MaxSessions
2<BR> WtmpFileName
%L/wtmp<BR> AcctLogFileName
%L/accounting<BR><AuthBy GROUP><BR> AuthByPolicy
ContinueUntilAccept</DIV>
<DIV> </DIV>
<DIV> <AuthBy
LDAP2><BR>
Host
ldapr1.usherbrooke.ca<BR>
AuthDN
uid=lectureparradius,ou=autres,dc=usherbrooke,dc=ca<BR>
AuthPassword
kBub68Rc<BR>
BaseDN
dc=usherbrooke,dc=ca<BR>
Scope
sub<BR>
ServerChecksPassword<BR>
UseTLS<BR>
SSLVerify
none<BR>
SSLCAFile
/usr/share/ssl/certs/ca-bundle.crt<BR>
Debug 255<BR> </AuthBy></DIV>
<DIV> </DIV>
<DIV> <AuthBy
LDAP2><BR>
Host
ldapr2.usherbrooke.ca<BR>
AuthDN
uid=lectureparradius,ou=autres,dc=usherbrooke,dc=ca<BR>
AuthPassword
kBub68Rc<BR>
BaseDN
dc=usherbrooke,dc=ca<BR>
Scope
sub<BR>
ServerChecksPassword<BR>
UseTLS<BR>
SSLVerify
none<BR>
SSLCAFile
/usr/share/ssl/certs/ca-bundle.crt<BR>
Debug 255<BR>
</AuthBy><BR></AuthBy></DIV>
<DIV> </DIV>
<DIV>AuthLog Defaut</DIV>
<DIV> </DIV>
<DIV></Handler></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>#<BR># Accounting Handler CTA<BR>#<BR><Handler Called-Station-Id =
"10.51.31.240",NAS-IP-Address = 10.51.31.240, Acct-Status-Type =
Start|Alive><BR> WtmpFileName
%L/wtmp<BR> AcctLogFileName
%L/accounting<BR> <AuthBy
INTERNAL><BR>
AuthResult
ACCEPT<BR>
AcctStartResult
ACCEPT<BR>
AcctStopResult
ACCEPT<BR>
DefaultResult
ACCEPT<BR>
</AuthBy><BR> AuthLog
Defaut<BR></Handler></DIV></FONT></SPAN>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV align=left><FONT face=Elephant size=2>Pascal Beauregard</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Analyste en
télécommunications</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>Université de Sherbrooke</FONT></DIV>
<DIV align=left><FONT face=Arial size=2>(819)821-7770</FONT></DIV>
<DIV align=left><FONT face=Arial size=2><A
href="http://www.usherbrooke.ca/">www.usherbrooke.ca</A></FONT></DIV>
<DIV> </DIV></BODY></HTML>