Windows XP with Novell Client 4.91 SP5 and Wired 802.1X
To start off, I’ll give a little background to what we have accomplished already and then where we’re trying to go.
We’ve implemented the use of FreeRadius for our wireless infrastructure at one of our sites to provide 802.1X support to our Windows XP SP3 clients running Novell Client 4.91 SP5. We are currently running SLES10 SP3 with OES2 SP2 on the server side. To do so, we found that in the client we had to enable 802.1X support and have it negotiate the initial request for network access prior to performing the actual logon sequence. Works absolutely great with the wireless after about a month and a half of trial and error to get things going. But here’s where things start going south on us…
Because of the success of the wireless implementation and the needs of another location, we are now trying to move forward in implementing 802.1X on our wired clients without a whole lot of success. Initially when we plugged in the wire and tried to log in, we would just get the error that no 802.1X connections were found and it would fail out saying tree or server not found. Obviously the system didn’t authenticate to the network and therefore was not placed on the proper VLAN. We found the 4.91 Post SP5 Novell EAP patch and applied it to the system and we got a little bit further. We’re no longer getting the error with regard to “no 802.1X connections found”; however, we’re getting that the radius authentication has timed out. The managed switch that we are using in this case is an HP ProCurve 2610-24.
If we watch the server hosting FreeRadius that we’re testing against, we don’t see the actual attempt to authenticate to the network. However, while logging into the system using workstation only, once we get to the desktop, while still watching the radius server, we do see the system authenticate properly and the switch will change the system over to the proper VLAN at that time.
Here’s the kicker in my eyes though…
The odd time, say 1 in 5 or 6 login attempts, you’ll actually see the radius authentication happen at time of login, but it still will come back saying tree or server not found because it gives up prior to the managed switch actually having the time to change the system over to the proper VLAN. I know there are some settings in the client configuration that can be adjusted for server retries, so I’m not overly concerned about that part of it.
Any assistance in getting the login to be more consistent would be greatly appreciated.