On Fri, 20 May 2011 20:47:21 -0400 Andrew Reid <rei...@bellatlantic.net> wrote:
> > So, apologies for the long-windedness, but what can cause EAP to > fail? Do I need to add some libraries with more authentication > schemes in them somehow? Obviously I have all the dependencies of > wpa_supplicant, but is there something else? > I don't know if I can be of much help, as I'm running EAP-TLS with FreeRADIUS, but you don't have any other takers yet. And all I can suggest is that you probably won't solve this without seeing the RADIUS logs, on what I assume is a Windows server, and I've no idea what they call RADIUS these days. It used to be IAS on Server 2003, and I've never had anything to do with that. Is the Macbook a domain member, and is your machine? Some Windows facilities are available only to domain members, and this may be one. At the very least, RADIUS requires both human and machine to be named in its server configuration. EAP-(T)TLS isn't just something a step up from WPA(2), it uses a separate authentication server, and a Windows one is tied into Active Directory. You clearly have an account, but does your computer? If so, then the RADIUS logs will tell you what authentication is missing. It's possible for a non-domain computer to connect to a Windows VPN or at least was with 2003. Do you do that? If so then you should have the necessary authentication measures installed, if not actually configured yet, though I believe everything necessary has been in the kernel for some years now. I'm afraid I use the Not-Work Manager on Ubuntu to make the connection, and I'm not logging in to Windows, and EAP-TLS is heavy on certificates, so my configurations will be of no use to you. EAP-TTLS also uses a certificate, but on the server only, the idea of TTLS being that you don't need to install anything on the client. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110521122011.1191e...@jresid.jretrading.com
