FreeRADIUS InkBridge

Client Configuration

Why doesn’t PEAP or EAP-TLS work on a Windows machine?

The most common problem with PEAP is that the client sends a series of Access-Request messages, the server sends an series of Access-Challenge responses, and then nothing happens. After a little wait, the process starts again.

If you see this happening STOP!

The RADIUS server certificate has to have special OID’s in it, or else the Microsoft clients will silently fail. See the "scripts/xpextensions" file in the server "tar" file for examples, and the relevant Microsoft KB814394 and KB885453 pages.

You must follow the instructions on the first page, and install the hot fix from the second page for PEAP or EAP-TLS to work with a Windows machine.

How do I make Windows XP clients use only PAP (Not CHAP)

  • Go to Network Connections an open Properties for this connection.

  • Select Security tab.

  • Click on Advanced radio button, and then on Settings button.

  • Leave only PAP ticked.

  • Click OK, OK to set it.

If you have control over NAS, then set it to accept only PAP authentication. If you do that, all clients will "listen" and use only PAP. In that case there is no need to configure anything on the client(s).