Home Page › Forums › Network Management › ZeroShell › wireless identity validation problem
- This topic is empty.
-
AuthorPosts
-
June 15, 2007 at 6:06 pm #40652
nrandom
MemberI am using paul taylor’s document for configuring wireless and windows clients.
I have followed his document to the letter. However, when I try to connect with windows xp client I get the message ‘validating identity’ for a about 2 minutes. Then I receive an error message saying it cannot find a certificate.
Has anyone else seen this? Has anyone solved this and how did you do so?
thanks for the help
noemiJune 18, 2007 at 9:36 pm #45461nrandom
Memberturned out the notebooks had a os problem. It now validates.
July 29, 2007 at 4:11 pm #45462msanders
MemberI am also having a ‘validating identity’ problem, could you please tell me what your problem was, maybe I have the same.
My setup is:
Linksys wrt54G with linksys own firmware (latest) Version 1
Seperate firwall, linksys on seperate network as zeroshell
I have followed paul taylor’s document line by line, I am just not sure what is wrong. I have also tried different laopts with different wireless cards thinking it is hardware, and still no.
Apppreciate any pointers, I have been spending countless hours and no result, I need some fresh ideas.
Thanks,
MikeJuly 29, 2007 at 7:51 pm #45463nrandom
MemberWhat I found was that windows wireless setup was generating another configuration after I finished mine. It did not show up until I tried to connect for the first time.
Then when I opened wireless properties I saw that I had two configurations for the same ESSID.
The fix was to keep the autogenerated one by windows ( it was in all caps) and remove the one I setup.
Also, in wireless properties tab authentication, windows was defaulting to smart card for authentication even though I chose certificates.
Hope this helps. I know your frustration!
July 30, 2007 at 12:59 am #45464msanders
MemberThanks for response.
Well It doesn’t seem to be my problem. If I just got an error, that would be something, It just keep saying ‘validating identity’ for ever. I wonder if it is the firmware? Or the fact that it is on different network. I opened all ports between Linksys router IP and zeroshell IP.
Anyone, any idea? I have wiped and re-tried zeroshell multiple times, I have reset the router, I have done all I could think of. I am wiling to put DD-WRT on, if something thinks that would help. Maybe if someone has gotten it to work with the default linksys router, could share their experiance. Also if your running your router and zeroshell on different network, maybe you could also help there.
Thanks in advance,
MikeJuly 30, 2007 at 9:49 pm #45465imported_fulvio
ParticipantHave you checked the radiusd log?
July 31, 2007 at 1:57 am #45466msanders
MemberAfter activating logs under log menu, I go to logs, radiusd section, and it says “Ready to process requests.”
But I don’t see anything else, I press referesh and nothing. Do I have to activate anything else to see more logs?
Now I am wondering If I am connecting to radius server from the router?
Anyway I can test these connections? My laptop is on the same network as my linksys router and I can ssh from laptop to zeroshell, so that tells me they can talk to each other since I opened all ports. or maybe the problem is laptop to router. I wish I would some kind of error here.
Thanks,
MikeJuly 31, 2007 at 6:31 am #45467imported_fulvio
ParticipantHave you correctly configured the Access Point IP and related Shared Secret in the section [Radius]->[Access Point]?
August 1, 2007 at 1:45 am #45468msanders
MemberI have double checked those and it looks fine, the ip is the WRT54G and the 31 characters key.
What I am noticing which could be the problem is the linksys router, every day I come, I can not login to it, I had to reboot it, now today, no matter what I do, I can not login to it focurse no resets yet. I think either router or firmware is a problem, since I have already reset it rnough times, it is time for DD-WRT, I give that one a chance, it can not be worse than linksys oen firmware. If at that point it act crazy, then maybe it is time to buy a new router.
Unless anyone has any other suggestion, I will change the firmware, try again and let everyone know the result which I am hoping to be positive.
Thanks,
MikeAugust 4, 2007 at 1:32 am #45469msanders
MemberWell, I installed DD-WRT, that went well, but it did not work. I tried everything. So I said to myself, what happens if I put both zeroshell and the wrt54g on same network, yes it works.
So once on same network, I did netstat and I see whats established. UDP port 1812 between wrt54g and zeroshell. Once they are on seperate network, the same port gets established , but it does not work. So I am out of ideas.
Maybe someone who has similar setup with two networks, could give me some ideas please. If such a setup is not possible, then I like to know. I could always put zeroshell on blue network which is my wireless network. Right now zeroshell is on green network.
Maybe someone could answer this: If it is possible to have them on seperate network?
Thanks in advance for any info,
MikeAugust 4, 2007 at 9:08 am #45470imported_fulvio
ParticipantI think that between the radius server and your access point there is a NAT router. If so you must associate the shared secred in the access point list with the IP address of the NAT router. This is because the access point contacts the radius server with a masqerade IP.
Regards
FulvioAugust 5, 2007 at 1:29 am #45471msanders
MemberWell I looked over everything. If I underestood you correctly, my setup is:
zeroshell: green network: 192.168.1.230 gatway 192.168.1.1
Accesspoint: Blue network: 192.168.1.240 gateway 192.168.2.1Blue can ssh to zeroshell, firewall shows that only these two ips are trying to talk to each other. UDP port 1812
I am also posting to IPCops forum see anyone over there has any ideas.
I was reading more and it seems to be normal for people to put both on different networks, actually recommended.
I have put holes in firewall everywhere, nothing seems to work. Could it have anything to do with some kind of route I have to setup?
Thank again,
MikeAugust 5, 2007 at 7:12 am #45472imported_fulvio
ParticipantFrom the section [Radius]->[Access Point] you must add the IP 192.168.1.1 (IPCop NAT firewall) with the shared secret of the accesspoint.
August 6, 2007 at 9:03 pm #45473msanders
MemberWell good news, it worked. The problem was so easy; I am so ashamed not seeing it earlier. It was not zeroshell at all. So everything normal like the document said. The problem was that, the Linksys router has 3 MAC address coming out of it. One of them is LAN. In DD-WRT, it shows them clearly. That one has to be added to my firewall to have access to outside. Everything works perfectly after that.
So easy, I can’t believe I never saw it.
Thanks Fulvio for being so patient and trying to solve my problem.
Mike
-
AuthorPosts
- You must be logged in to reply to this topic.