Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
yackobeckm Absent Member.
Absent Member.
1734 views

Windows XP with Novell Cleint 4.91 SP5 and Wired 802.1X

To start off, I’ll give a little background to what we have accomplished already and then where we’re trying to go.

We’ve implemented the use of FreeRadius for our wireless infrastructure at one of our sites to provide 802.1X support to our Windows XP SP3 clients running Novell Client 4.91 SP5. We are currently running SLES10 SP3 with OES2 SP2 on the server side. To do so we found that in the client we had to enable 802.1X support and have it negotiate the initial request for network access prior to performing the actual logon sequence. Works absolutely great with the wireless after about a month and a half of trial and error to get things going. But here’s where things start going south on us…..

Because of the success of the wireless implementation and the needs of another location, we are now trying to move forward in implementing 802.1X on our wired clients without a whole lot of success. Initially when we plugged in the wire and tried to login, we would just get the error that no 802.1X connections were found and it would fail out saying tree or server not found. Obviously the system didn’t authenticate to the network and therefore was not placed on the proper VLAN. We found the 4.91 Post SP5 Novell EAP patch and applied it to the system and we got a little bit further. We’re no longer getting the error with regards to “no 802.1X connections found”, however we’re getting that the radius authentication has timed out. The managed switch that we are using in this case is an HP ProCurve 2610-24.

If we watch the server hosting FreeRadius that we’re testing against, we don’t see the actual attempt to authenticate to the network. However; while logging into the system using workstation only, once we get to the desktop, while still watching the radius server, we do see the system authenticate properly and the switch will change the system over to the proper VLAN at that time.

Here’s the kicker in my eyes though….

The odd time, say 1 in 5 or 6 login attempts, you’ll actually see the radius authentication happen at time of login, but it still will come back saying tree or server not found because it gives up prior to the managed switch actually having the time to change the system over to the proper VLAN. I know there are some settings in the client configuration that can be adjusted for server retries so I’m not over concerned about that part of it.

Any assistance in getting the login to be more consistent would be greatly appreciated.
Labels (1)
0 Likes
3 Replies
yackobeckm Absent Member.
Absent Member.

Re: Windows XP with Novell Cleint 4.91 SP5 and Wired 802.1X

One of the other annoyances that I forgot to mention was that we're also seeing the wired NIC being disabled in Windows randomly without the user doing any kind of intervention.
0 Likes
Highlighted
rdseepaul Absent Member.
Absent Member.

Re: Windows XP with Novell Cleint 4.91 SP5 and Wired 802.1X

On 08/10/2010 3:06 PM, yackobeckm wrote:
> One of the other annoyances that I forgot to mention was that we're also
> seeing the wired NIC being disabled in Windows randomly without the user
> doing any kind of intervention.
>
>

I do not know if this has any bearing on your issue but I did have
issues with NOVEAP.DLL not being registered and this seemed to be the
cause of the Local Area Connection on workstations coming up in a
disabled state every time a machine was rebooted.
The cure was to use regsvr32 c:\windows\system32\noveap.dll to manually
register noveap.dll. and after that the Local Area Connection would not
come up in a disabled atate on workstation boot.
Try manually registering noveap.dll and see if it helps. If not no harm
done.
0 Likes
yackobeckm Absent Member.
Absent Member.

Re: Windows XP with Novell Cleint 4.91 SP5 and Wired 802.1X

Manually registering the DLL file appears to have made things more reliable with regards to the NIC not being disabled on reboot.

It has also made a major difference in the authentication part of it, from the testing i've done today watching the RADIUS server, almost all of the login attempts are actually going to the server and being authenticated, but i'm still getting the "tree or server not found" error.

Any suggestions on this part of it would be greatly appreciated. I've tried playing with a few of the settings with regards to server retries, but to no avail.

Thanks
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.