  ackovski
join:2005-03-18 7000
WPA-EAP AES
I haven't slept for the past week... I am using WinXP, D-Link DWL-2100AP (it has an option for WPA-EAP with AES) and an RT-2500 card using Ralink's driver (it has options for WPA-EAP and also WPA2, but since the D-Link hasn't, I'm using only WPA)... now... I have tried...
Odyssey Server and Client... I can't find any option to add a user and pass in the server, it only allows users from a local domain... what about a user that will connect from the WLAN?
Steel Belted Radius... It has options for adding users, but in the options for authentication there is no TTLS or CHAP (user-pass), only TLS (with certificates), and it's all too complicated.
Evolynx RADIUS... Lucidlink... I can't make anything work... I tried all combinations with servers and clients but nothing... maybe I'm making some mistake in the TTLS or CHAP settings?
|
 DavidJWood Premium join:2001-10-12 UK
I'd drop to TKIP to start with, as all WPA implementations should support TKIP (and not all support AES). That said, I think your problems are more with the RADIUS side of things, that is EAP, rather than the encryption.
Once you get things working with TKIP, you can try setting the AP and the clients to AES, and see if things work.
If you're using the WZC supplicant in Windows XP, you only have the option of EAP-TLS (which requires client certificates) and EAP-PEAP-MSCHAPv2 (which doesn't require client certificates - it works on user names and passwords). EAP-PEAP-MSCHAPv2 is probably the easiest option to get going first, though I use EAP-TLS, largely because I could only figure out how to have Windows XP machines using WZC active on the wireless network when not logged on when using EAP-TLS.
WZC can get itself in a knot if you change the settings associated with an SSID - it can be better to delete the settings completely, or change the SSID.
I can't give you detailed setup instructions for either of the RADIUS servers you mention; the only one I have any experience with is FreeRADIUS, which I run on my FreeBSD box. I keep meaning to document my FreeRADIUS settings and post some up to date instructions here, but that's competing with many other demands on my limited time and energy at the moment.
I'd start by putting the RADIUS server in a debug mode or similar, and watching what is going on when a client tries to connect.
David
|
  ackovski
join:2005-03-18 7000
reply to ackovski
Something is really wrong here... Since I couldn't make WPA-EAP work... I tried WPA-PSK. I set a 20-character secret, then just wanted to see if it's working... I put "asdasd" as a secret in the WZC... and it connected, although the secret was wrong! It was working all fine like there was no encryption! I think all this encryption thing sucks!
|
 DavidJWood Premium join:2001-10-12 UK
As I said earlier, WZC can get itself in a knot if you change the settings associated with an SSID - it can be better to delete the settings completely, or change the SSID.
That said, if your network is working with the wrong PSK, it sounds like your AP is doing something very wrong.
I'd get WPA-PSK working reliably first, then try to migrate to WPA-EAP (which I'd do on a separate SSID, so that you can revert to PSK without having to reconfigure the client(s)).
David
|
  MS_wantsitlikethat
@cox.net
reply to ackovski
quote: It was working all fine like there was no encryption!
This is well-known behavior for Windows XP. There is a config option to allow/disallow connections to unencrypted SSIDs if it fails to associate with the configured SSID. Unfortunately the option defaults to the most insecure mode - allow unencrypted associations. It also doesn't warn the user it is doing this.
|
  ackovski
join:2005-03-18 7000
reply to ackovski
MS_wantsitlikethat... I'm sorry, but I'm Macedonian and didn't quite understand what you said. I'm using WinXP... about what you said above... Does it mean it will work with any secret if you use WZC?!? Or does it just say connected, but it is not working in fact? If I set WPA-PSK and try to connect with Ralink's client software, then WPA-PSK works! If I set a wrong secret, then it tries to connect and then disconnects after 5 seconds, but the Windows connection icon in the tray always shows the one saying "connected", although the icon of Ralink's client software shows connect/disconnect every 5 seconds. Setting the correct secret and both are connected all the time!
|
  ackovski
join:2005-03-18 7000
reply to ackovski
What's the use of the other vendors' client software if the WZC connects to any of them? I tried to connect to a local WEP-protected WLAN and it connected, although I don't know if the IP was correct or whether I was really connected.
|
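One way to check which network a client actually associated with, instead of trusting the tray icon discussed in the posts above. This is an added example, not code from any poster in the thread; it assumes the text format of `netsh wlan show interfaces` (available on Windows Vista and later, not on Windows XP), and the sample outputs and SSID names are constructed.

```python
# Constructed samples in the layout printed by `netsh wlan show interfaces`.
SAMPLE_OK = """\
    Name                   : Wireless Network Connection
    State                  : connected
    SSID                   : homelan
    BSSID                  : 00:11:22:33:44:55
    Authentication         : WPA-Personal
    Cipher                 : TKIP
"""

SAMPLE_FALLBACK = """\
    Name                   : Wireless Network Connection
    State                  : connected
    SSID                   : default
    BSSID                  : 66:77:88:99:aa:bb
    Authentication         : Open
    Cipher                 : None
"""


def parse_interface(text):
    """Turn 'Key   : value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:  # skip lines that are not key/value pairs
            fields[key.strip().lower()] = value.strip()
    return fields


def check_association(text, expected_ssid, allowed_auth):
    """Return a list of problems; an empty list means the configured link is up."""
    f = parse_interface(text)
    if f.get("state") != "connected":
        return ["not connected"]
    problems = []
    if f.get("ssid") != expected_ssid:
        problems.append("associated with unexpected SSID %r" % f.get("ssid"))
    if f.get("authentication") not in allowed_auth:
        problems.append("authentication is %r" % f.get("authentication"))
    if f.get("cipher") in ("None", "WEP"):
        problems.append("cipher is %r" % f.get("cipher"))
    return problems


if __name__ == "__main__":
    allowed = {"WPA-Personal", "WPA-Enterprise"}
    for name, sample in (("ok", SAMPLE_OK), ("fallback", SAMPLE_FALLBACK)):
        print(name, check_association(sample, "homelan", allowed) or "as configured")
```

A "connected" state only counts when the SSID, authentication and cipher match the profile that was configured; the second sample is connected, but to an open network.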