LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 09-20-2006, 07:37 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Rep: Reputation: 60
EAP and RADIUS and W2K


I just configured IAS RADIUS on my W2K Server and have all of my Windows clients logging in and using PEAP, 802.1x RADIUS authentication. My Windows clients are fine. I configured the client with the pass phrase and had them point to the RADIUS server, I log in and then I am in and things work great. Now the tough part is how in the heck do I get my Linux laptop to do the same thing. I have read about wpa-supplicant, but how would I configure it to connect to a W2K RADIUS server? HELP!

Last edited by metallica1973; 09-21-2006 at 04:11 PM.
 
Old 09-21-2006, 02:09 PM   #2
iamthe
LQ Newbie
 
Registered: Jun 2004
Location: right here
Distribution: Madrake 10 non box AMD64
Posts: 16

Rep: Reputation: 0
I'm gonna assume you mean 802.1x, as 802.x encompasses internetworking as a whole, not just AAA. Are you using IAS on Win2k for RADIUS? Or is it a third-party RADIUS server like Steel-Belted Radius? If it's IAS, are you in an Active Directory domain or a non-AD environment? What switches do you use as RADIUS clients?


I just deployed 802.1x using IAS (on Server 2003) for RADIUS authentication with Catalyst 2950s as the clients, and WinXP as the supplicant. I can tell you almost every error you're going to make is server side. Setting up the clients and supplicants is cake, and IAS is nice in an Active Directory environment since authentication happens at logon, making it transparent to the user, but it's less than ideal to work with. Give me the basic topography you're working with and I'll do my best to help you out.

Last edited by iamthe; 09-21-2006 at 02:10 PM.
 
Old 09-21-2006, 03:18 PM   #3
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
I am using IAS on Win2k for RADIUS. I am trying to connect my Fedora 5 laptop using PEAP to it for authentication and out to the internet. I was looking into WPA_Supplicant and haven't found anything worth anything. Help! I found this sample config file for PEAP MSCHAPV2:

logfile = /var/log/xsupplicant.log

startup_command = <BEGIN_COMMAND>dhclient %i<END_CLIENT>

default {

allow_types = all

identity = <BEGIN_ID>myid@mynet.net<END_ID>

eap-peap {
root_cert = /home/user/certificates/root.pem
chunk_size = 1398
random_file = /dev/urandom
cncheck = radiusserver.mynet.net
cnexact = yes
sessi

eap-mschapv2 {
username = <BEGIN_UNAME>myid@mynet.net<END_UNAME>
password = <BEGIN_PASS>password<END_PASS>

}
}
}

Where would I point to my IAS server?

Last edited by metallica1973; 09-21-2006 at 04:12 PM.
 
Old 09-21-2006, 04:18 PM   #4
iamthe
LQ Newbie
 
Registered: Jun 2004
Location: right here
Distribution: Madrake 10 non box AMD64
Posts: 16

Rep: Reputation: 0
First things first, this part is probably self-explanatory, but it looks like you need to fill in these fields:

identity = <BEGIN_ID>myid@mynet.net<END_ID>
username = <BEGIN_UNAME>myid@mynet.net<END_UNAME>
password = <BEGIN_PASS>password<END_PASS>

I'd assume the identity and username fields are the same, and naturally your password field is the password. If you're in an AD environment you *may* need to join the computer to the domain depending on the rules you have set in IAS, otherwise just use a username and password that you know works on an XP box. You'll probably need a fully qualified logon name (username@domain.sub).
After that it looks like you need to put the name of your IAS server here:

cncheck = radiusserver.mynet.net

So you're gonna have to make sure your Linux box can resolve the name to an IP. You *may* be able to put an IP in this field, but I really don't know.


On a side note, you don't point your supplicant at the RADIUS server, you point your client, which is usually the switch you're connecting to. Any chance you can give us the basic topology? And don't forget to check Event Viewer; every time IAS does anything, it'll be logged there. I only had about a billion attempts before I got it working.

Last edited by iamthe; 09-21-2006 at 04:24 PM.
 
Old 09-21-2006, 04:45 PM   #5
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
I am actually not using that example that I have stated above. I have this wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant

network={
ssid="SSID"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
identity="username"
password="password"
ca_cert="192.168.4.3" -------ACCESSPOINT
}

I am using WPA_Supplicant and not XSupplicant. I believe the example shows an xsupplicant example. Will the same command apply for WPA_Supplicant?
 
Old 09-21-2006, 05:04 PM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
Those commands in the first post are for a different client called xsupplicant from SourceForge. I am using wpa_supplicant and it connects to the access point, but it cannot authenticate to the RADIUS server. I have an error somewhere in the wpa_supplicant.conf file that is not correct. Any suggestions?

I got my reference from this site:

http://hostap.epitest.fi/cgi-bin/vie...ype=text/plain

Last edited by metallica1973; 09-21-2006 at 05:06 PM.
 
Old 09-21-2006, 05:23 PM   #7
iamthe
LQ Newbie
 
Registered: Jun 2004
Location: right here
Distribution: Madrake 10 non box AMD64
Posts: 16

Rep: Reputation: 0
Quote:
Originally Posted by metallica1973
I am actually not using that example that I have stated above. I have this wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant

network={
ssid="SSID"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
identity="username"
password="password"
ca_cert="192.168.4.3" -------ACCESSPOINT
}

I am using WPA_Supplicant and not XSupplicant. I believe the example shows an xsupplicant example. Will the same command apply for WPA_Supplicant?

Did you add the "-----ACCESS POINT" text? I would guess ca_cert means certification authority, which in this case would be the box IAS is on. If not, it is indeed where the AP goes. I also assume you replaced your SSID with the letters SSID. Anything showing up in the Event Viewer on the IAS server? Do you have certificates enabled?
 
Old 09-21-2006, 07:54 PM   #8
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
Rep: Reputation: 60
I ran wpa_supplicant with the -d option and looked at the errors, and it cannot validate any keys from the RADIUS server. I am unsure where to point my ca_cert statement towards. It asks for a file path. Just so people understand, I am trying to authenticate my Linux laptop to a Microsoft W2K (IAS, CA, RADIUS) server. I cannot find any decent how-to for this and have searched this site for any posts, but found nothing of any use. Thanks.

Last edited by metallica1973; 09-25-2006 at 11:57 AM.
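
Added example (not part of the original thread): post #8 observes that `ca_cert` asks for a file path. In wpa_supplicant it names a file holding the certificate of the CA that issued the RADIUS (IAS) server's certificate, so the `192.168.4.3` value in the posted config cannot validate the server. The shell lint below flags that case; the temporary directory, file names and placeholder PEM are constructed for the demonstration.

```shell
#!/bin/sh
# Lint the ca_cert setting of a wpa_supplicant.conf (added example).
# wpa_supplicant also accepts DER files, relative paths and blob:// names;
# this check is deliberately stricter: absolute path to a readable PEM file.

# Print the first uncommented ca_cert value, without its quotes.
ca_cert_value() {
    sed -n 's/^[[:space:]]*ca_cert="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify: missing | not-absolute-path | no-such-file | not-pem | ok
ca_cert_status() {
    val=$(ca_cert_value "$1")
    [ -n "$val" ] || { echo missing; return; }  # no CA: server cert is not verified
    case $val in
        /*) ;;
        *)  echo not-absolute-path; return ;;   # e.g. an IP address or host name
    esac
    [ -r "$val" ] || { echo no-such-file; return; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$val" || { echo not-pem; return; }
    echo ok
}

# Constructed demo files: the thread's network block, a corrected copy, and one with no CA.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder, not a real certificate' '-----END CERTIFICATE-----' > "$demo_dir/ias-root-ca.pem"
cat > "$demo_dir/thread.conf" <<'EOF'
network={
    ssid="SSID"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="username"
    password="password"
    ca_cert="192.168.4.3"
}
EOF
sed "s|192.168.4.3|$demo_dir/ias-root-ca.pem|" "$demo_dir/thread.conf" > "$demo_dir/fixed.conf"
grep -v ca_cert "$demo_dir/thread.conf" > "$demo_dir/noca.conf"

for f in thread fixed noca; do
    echo "$f.conf: $(ca_cert_status "$demo_dir/$f.conf")"
done
```

A config that reports `missing` will still connect, but without `ca_cert` (or `ca_path`) wpa_supplicant does not verify the server certificate, so the PEAP tunnel carrying the MSCHAPv2 exchange can be terminated by any access point presenting any certificate.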
 
  

