Hi Alex,
Not sure about Radiator, but we have Windows Mobile 2005 and 2006
connecting OK using WPA/TKIP/PEAP/MSCHAPv2 with a freeradius server and
offer the following notes in case they help.
First, we do get the error message relating to client certificates, but
as we are using PEAP/MSCHAPv2 we shouldn't need a client certificate -
just click OK and it goes away...
The main problem we did have was that Windows Mobile 2005 forces server
certificate validation (unless you're willing to do something drastic
like hack the registry). The UKERNA TLS server certificate is fine for
this, but you also need the intermediate CA certificate (format
sureserverEDU.pem for freeradius) and the root CA certificate
(ct_root.pem) to configure the radius server - the email with your
server certificate has links for these in different formats to suit your
platform.
The freeradius configuration files only allow us to specify the root
certificate and the server certificate. We therefore needed a single
file that bundles both the server certificate and the intermediate
certificate together for use in the freeradius configuration eg. on a
linux setup use the command:
cat server_cert.pem sureserverEDU.pem > server_bundle.pem
The Windows Mobile client should trust the root CA certificate by
default, and with freeradius configured to offer it the intermediate
certificate in this way the PDA should now trust the server and make a
connection.
Checking/debugging this setup can be easier using a laptop - keep the
'Validate Server Certificate' box checked on the "Protected EAP
properties" dialog and check the GTE Cyber Trust Global Root box in the
list of root CA's.
Hope this is of some use.
Jim Stanton
Canterbury Christ Church University
-----Original Message-----
From: Wireless Issues in the JANET community
[mailto:[log in to unmask]] On Behalf Of Alex Sharaz
Sent: 29 November 2007 13:07
To: [log in to unmask]
Subject: Windows mobile connectivity problems
Chaps,
We are currently rolling out our new Trapeze networks wireless service
round the campus. Radius authentication is provided by a Radiator 3.17.1
hardware load balanced solution. Server certificate is a UKRENA
sureserverEDU beast
Everything works just fine for windoze laptops, OS X systems and older
windows mobile 2003 PDAs running the Odyssey client. However, any
attempt to connect using Windows mobile 2005 or 2006 fails with an error
message saying that a client certificate is required.
So ...
Is anyone out there providing wireless access for WM 2006 ?
Was there anything specific you had to do to get it to work
Alex
|