EAP-TTLS problem at phase 1

K. Hoercher wbhoer at gmail.com
Sat Oct 21 19:27:20 CEST 2006


Hi,

OK, I played around a bit and found EAP-TTLS working with no
particular problems.

On 10/21/06, Rafiqul Ahsan <rafiqul.ahsan at gmail.com> wrote:
> "testuser" User-Password := "testuser"
looks ok, but I'm not absolutely sure about the quotation marks for
the username, they are not needed in any case.


> the error was about no matching "anonymous_identity", and that's why I had to
> have a DEFAULT entry after this with Auth-Type :=EAP.

As you didn't show that error, one cannot check for its real cause.
With everything else correctly configured, you don't need that setting (and
it might actually be wrong depending on circumstances).

> Do you suggest any particular format of my users file ? Please note, the
> phase 1 user identity is "anonymous_identity", and phase 2 user/passwd is
> "testuser/testuser".

I did take note. So, take an unaltered users file and just add your
line as mentioned above.
Something I found in your previous post led to a failure here. Use
phase2="autheap=MSCHAPV2"
instead of
phase2="auth=MSCHAPV2"

> modcall: entering group authenticate for request 1
> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
> EAP-request

That does look strange (and might indicate your real problem); if it
still persists with the suggested changes, it might be useful to dig
further into that. Perhaps you could add another -x to the freeradius
invocation to get timestamps on the logfile.

regards
K. Hoercher


