802.1x authentication fails with Windows XP SP3 and Windows Server 2008 R2 RADIUS server

  • 7007679
  • 26-Jan-2011
  • 26-Apr-2012

Environment

Novell Client for Windows XP/2003
Microsoft Windows XP SP3
Microsoft Windows 2008 R2 Server

Situation

After upgrading from Windows XP SP2 to Windows XP SP3, 802.1x wireless authentication fails against a Windows Server 2008 R2 RADIUS server. Without the Novell Client 802.1x functionality enabled, an 802.1x connection is successfully established in 3 seconds over the wireless adapter installed on the workstation. However, after 802.1x is enabled in the Novell Client, the 802.1x connection fails after 60 seconds. The Novell Client displays the error:
 
802.1x Authentication failed. Timeout waiting for authentication to finish. Network Login not attempted.
 
The Windows Server 2008 R2 NPS RADIUS server log records the error:
 
Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Resolution

Use a different RADIUS server, such as FreeRADIUS instead of the Microsoft Windows 2008 R2 NPS RADIUS server.

Additional Information

Novell's NOVEAP.DLL 802.1x MSCHAPv2 provider does not handle one or more of the Crypto-Binding TLVs sent by the Windows Server 2008 R2 NPS RADIUS server. NPS sends all of its supported options by default, and this behavior is not configurable. Other (non-Microsoft) third-party supplicants have experienced the same problem.
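
To show what "handling" these TLVs involves on the supplicant side, the following added example (not Novell's or Microsoft's code) walks a PEAP TLV sequence and reports which TLV types a supplicant has no handler for. It assumes the TLV layout published in Microsoft's [MS-PEAP] specification (type 3 for the Result TLV, type 12 with a 56-byte value for the Crypto-Binding TLV); the function names and sample bytes are constructed for illustration.

```python
import struct

# Assumed from Microsoft's published [MS-PEAP] layout, not from this article:
RESULT_TLV, CRYPTOBINDING_TLV = 3, 12
CRYPTOBINDING_LEN = 56  # 4 bytes of version/subtype fields + 32-byte nonce + 20-byte MAC

def parse_tlvs(buf):
    """Split a TLV sequence into dicts; raise ValueError on truncated input."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header at offset %d" % off)
        flags_type, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("TLV length %d overruns the buffer" % length)
        tlvs.append({"mandatory": bool(flags_type & 0x8000),  # top bit is the M flag
                     "type": flags_type & 0x3FFF,             # low 14 bits are the type
                     "value": buf[off:off + length]})
        off += length
    return tlvs

def describe(tlv):
    """Return a one-line summary of a TLV for a supplicant debug log."""
    t, v = tlv["type"], tlv["value"]
    if t == RESULT_TLV and len(v) == 2:
        status = struct.unpack("!H", v)[0]
        return "Result: " + {1: "success", 2: "failure"}.get(status, "unknown")
    if t == CRYPTOBINDING_TLV and len(v) == CRYPTOBINDING_LEN:
        kind = {0: "request", 1: "response"}.get(v[3], "unknown")
        return "Crypto-Binding %s, version %d" % (kind, v[1])
    return "type %d, %d bytes (not decoded)" % (t, len(v))

def unhandled(tlvs, supported):
    """TLV types present in the message that the supplicant has no handler for."""
    return sorted({t["type"] for t in tlvs if t["type"] not in supported})

# Constructed sample: Result TLV (success) followed by a Crypto-Binding request
# with an all-zero nonce and MAC. Not captured from a real NPS server.
SAMPLE = (struct.pack("!HHH", 0x8000 | RESULT_TLV, 2, 1)
          + struct.pack("!HH", CRYPTOBINDING_TLV, CRYPTOBINDING_LEN)
          + bytes(4) + bytes(32) + bytes(20))

if __name__ == "__main__":
    parsed = parse_tlvs(SAMPLE)
    for tlv in parsed:
        print(describe(tlv))
    print("unhandled by a Result-only supplicant:", unhandled(parsed, {RESULT_TLV}))
```

A supplicant that only processes the Result TLV reports type 12 as unhandled here, which is the condition the paragraph above describes.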
 
Due to the substantial engineering resources required, and the fact that on October 14, 2010 the Novell Client 4.91 entered the Extended Support phase of its lifecycle, Novell does not expect to implement support for this configuration. (During Extended Support, only security or strategic fixes will be made. https://support.novell.com/lifecycle/faq.jsp#extsupport)