Wed Oct 10, 2012 9:56 am
Yes, I have anything: according to me, link between AP mikrotik and IAS (Microsoft Win 2003) is good: in Mikrotik log, when I create radius:
- Config ---------------------
/radius
add address=192.168.88.2 secret=secret service=wireless
- Log -----------------------------
08:39:41 radius,debug,packet sending Accounting-Request with id 0 to 192.168.88.2:1813
08:39:41 radius,debug,packet Signature = 0x51a933f37025d4f52a
08:39:41 radius,debug,packet Acct-Status-Type = 7
08:39:41 radius,debug,packet NAS-Identifier = "MikroTik"
08:39:41 radius,debug,packet Acct-Delay-Time = 0
08:39:41 radius,debug,packet NAS-IP-Address = 192.168.88.1
08:39:41 radius,debug,packet received Accounting-Response with id 0 from 192.168.88.2:1813
08:39:41 radius,debug,packet Signature = 0x3f711f4ff872b2ed67b
08:39:41 radius,debug received reply for 05:00
------------------------------
In Win 2003 (c:\windows\system32\logfiles\), I see, at the same time:
------------------------------
192.168.88.1,,10/10/2012,08:40:38,IAS,HUG,40,7,32,MikroTik,41,0,4,192.168.88.1,4108,192.168.88.1,4116,0,4128,mikrotik,4155,2,4136,4,4142,0
------------------------------
But nothing else in log when XP try to connect.
My wifi XP configuration (the same as for DLink AP that works fine):
. authentication: open
. cypher: WEP
. WEP key: anything, not usefull
. key is not given automatically
. authentication:
- 802.1X activated
- protected EAP:
. validate server certicate
. CA: my CA (on my 2003 DC)
. authentication method: MS-CHAP v2
- don't use automatically my session name
- computer authentication if available.
Is my mikrotik AP understand it has to use radius ?
- security-profile ---------------------
/interface wireless security-profiles
set [ find default=yes ] eap-methods=passthrough
- and radius ---------------------
/radius
add address=192.168.88.2 secret=secret service=wireless
-----------------------------------
An other time, thanks for all.
Best regards.