658 CHAPTER B: RADIUS SERVER AND RADIUS CLIENT SETUP
In the example above, Tunnel-Medium-Type has been set to TMT802, to force
FreeRADIUS to treat 802 as a string requiring to be looked up in the dictionary and
return integer 6, rather than return integer 802 which would be the case if
Tunnel-Medium-Type was set to 802.
Setting Up the RADIUS ClientThis section covers the following RADIUS clients:
nWindows 2000 built-in client
nWindows XP built-in client
nAegis Client Installation
Windows 2000 built-in
client
Windows 2000 requires Service Pack 3 and the IEEE 802.1x client patch for
Windows 2000.
1Downloaded the patches if required from:
http://www.microsoft.com/Downloads/details.aspx?displaylang=en&Famil
yID=6B78EDBE-D3CA-4880-929F-453C695B9637
2After the updates have been installed, start the Wireless Authentication Service in
Component Services on the Windows 2000 workstation (set the service to startup
type Automatic).
3Open the Network and Dial up connections folder, right-click the desired Network
Interface and select Properties.
4Select the Authentication tab and check Enable Network Access Control using IEEE
802.1x
5Set Smart Card or Certificate as EAP type and select the previously imported
certificate as shown below.
Windows XP built-in
client
The RADIUS client shipped with Windows XP has a security issue which affects the
port authentication operation. If the RADIUS client is configured to use EAP-MD5,
after a user logs-off, then the next user to log-on will remain authorized with the
original user’s credentials. This occurs because the Microsoft client does not