# Freeradius-2.0.5 and Vista SP2

## mariourk

I have secured my wireless network with Freeradius-2.0.5 (running on my Gentoo server). Every client has to authenticate with an SSL certificate before getting access to the wireless network. This works fine for both Windows (XP and Vista) and Linux (Ubuntu 9.04) clients. However, since 2 Vista clients were updated to SP2, they can't connect anymore.

This is what radiusd -X says:

```
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.123 port 2049, id=2, length=133
    User-Name = "Pietje Puk"
    NAS-IP-Address = 192.168.1.123
    Called-Station-Id = "00226b8676fb"
    Calling-Station-Id = "00215c2dd5ef"
    NAS-Identifier = "00226b8676fb"
    NAS-Port = 23
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0200000f014e656c6c79204f6f7374
    Message-Authenticator = 0x3ef0b2f9fac3b12b6476a230651a27f2
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "Pietje Puk", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 15
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry Pietje Puk at line 18
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.1.123 port 2049
    EAP-Message = 0x010100060d20
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x2ef5a31f2ef4aea21b4d93bd7a29a8b3
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.123 port 2049, id=2, length=142
Cleaning up request 0 ID 2 with timestamp +17
    User-Name = "Pietje Puk"
    NAS-IP-Address = 192.168.1.123
    Called-Station-Id = "00226b8676fb"
    Calling-Station-Id = "00215c2dd5ef"
    NAS-Identifier = "00226b8676fb"
    NAS-Port = 23
    Framed-MTU = 1400
    State = 0x2ef5a31f2ef4aea21b4d93bd7a29a8b3
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020100060319
    Message-Authenticator = 0x9840aa9e1d5478eb7e05a8184aad0e91
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "Pietje Puk", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry Pietje Puk at line 18
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: NAK asked for unsupported type 25
 rlm_eap: No common EAP types found.
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [Pietje Puk/<via Auth-Type = EAP>] (from client AP_Radius_Beneden port 23 cli 00215c2dd5ef)
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> Pietje Puk
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 2 to 192.168.1.123 port 2049
    EAP-Message = 0x04010004
    Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 2 with timestamp +17
Ready to process requests.
```

I suppose it goes wrong here:

```
rlm_eap: No common EAP types found.
rlm_eap: Failed in EAP select
etc
```

Does anyone else have problems with Vista SP2 and Freeradius?

Does someone know how to fix this?  :Confused: 

----------

## mariourk

I managed to solve it. The authentication method was set to Protected EAP (PEAP).

After setting this to Smartcard or other certificate it worked fine. Even with validate server certificate enabled  :Very Happy: 

----------
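An added example, not part of the original posts: a small decoder for the `EAP-Message` values in the `radiusd -X` output above, which shows the server offering EAP type 13 (EAP-TLS) and the client answering with a Nak that asks for type 25 (PEAP). The function names are hypothetical, and it assumes each `EAP-Message` line carries one whole, unfragmented EAP packet, as it does in this log.

```python
import re

# EAP codes and method types as assigned in RFC 3748 and the IANA EAP registry
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

# EAP-Message values copied from the debug output in the first post
LOG = """\
    EAP-Message = 0x0200000f014e656c6c79204f6f7374
    EAP-Message = 0x010100060d20
    EAP-Message = 0x020100060319
    EAP-Message = 0x04010004
"""

def parse_eap(hexstr):
    """Decode one EAP packet: code(1) id(1) length(2) [type(1) data...]."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the packet")
    pkt = {"code": CODES.get(code, code), "id": ident, "length": length}
    # Only Request and Response packets carry a type byte and type data
    if code in (1, 2) and length >= 5:
        pkt["type"] = TYPES.get(raw[4], raw[4])
        pkt["data"] = raw[5:length]
    return pkt

def find_mismatch(log):
    """Return the method the server offered and what the client's Nak asked for."""
    offered = None
    for m in re.finditer(r"EAP-Message = 0x([0-9a-fA-F]+)", log):
        pkt = parse_eap(m.group(1))
        if pkt["code"] == "Request" and pkt.get("type") not in (None, "Identity"):
            offered = pkt["type"]
        elif pkt["code"] == "Response" and pkt.get("type") == "Nak":
            # Nak data is a list of method types the client would accept
            wanted = [TYPES.get(b, b) for b in pkt["data"]]
            return {"server_offered": offered, "client_wants": wanted}
    return None

if __name__ == "__main__":
    print(find_mismatch(LOG))
```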

