WPA Enterprise, 802.1X, Freeradius, EAP & Kerberos
Ivan Kalik
tnt at kalik.net
Fri May 8 21:40:03 CEST 2009
> Hello,
>
> I am trying to implement WPA Enterprise / 802.1X, Freeradius and
> Kerberos. The client is a Linksys running DD-WRT. The Supplicant is
> Mac OS Laptop. Both are most recent versions of OS.
>
> I can exececute radtest on localhost and authenticate through
> Freeradius to my KDC.
> I can get my wireless AP to authenticate through WPA if the user is
> located in /etc/raddb/users.
> I cannot get all the pieces working together. Laptop->AP->Freeradius-
> >Kerberos.
>
...
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> [suffix] No '@' in User-Name = "tester", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 6 length 11
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry DEFAULT at line 1
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
...
Kerberos module can't authenticate mschap requests. Only pap.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list