more EAP/TTLS trouble

Steve Hopps steve.hopps at gmail.com
Tue May 29 22:17:35 CEST 2012


The only computer in our office which causes certificate errors is a
Windows 7 machine. So I attempted to connect using EAP/TTLS and
MSCHAPv2 using my Linux machine and my Android phone. Now I get a
different error.

I also tried using PEAP on my Android phone, and received no
certificate errors. What could the Windows machine be doing differently?
Why does the machine even enter the picture when the authentication is
between the Access Point and the server?

Below is the portion of the log which shows the rejection, when using
my Android phone, TTLS and MSCHAPv2 (that is what Windows uses, isn't
it?). Where I am confused is near the bottom: what is causing the
rejection?

++[pam] returns invalid

or

[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid

log follows----

server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 222
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
Found Auth-Type = PAM
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
rlm_pam: Attribute "User-Password" is required for authentication.
++[pam] returns invalid
Failed to authenticate the user.
Login incorrect: [test] (from client -REMOVED- port 0 via TLS tunnel)
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [test] (from client -REMOVED- port 0 cli B4-07-F9-F2-99-F6)
Using Post-Auth-Type Reject
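
An added example, not part of the original post: a small Python triage script that walks a FreeRADIUS debug log like the one above and reports, for each module that returns a failing code, the virtual server, the section and the last message logged before it. The function name, the set of failing return codes and the output layout are assumptions of this example; the sample input is an excerpt of the log in the post.

```python
import re

# Excerpt copied from the debug log in the post above.
SAMPLE_LOG = """\
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[files] returns ok
Found Auth-Type = PAM
+- entering group authenticate {...}
rlm_pam: Attribute "User-Password" is required for authentication.
++[pam] returns invalid
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
"""

# Module return codes treated as failures here (assumption of this example).
FAILING = {"invalid", "reject", "fail", "userlock"}
SERVER_OPEN = re.compile(r"^server (\S+) \{")
SERVER_CLOSE = re.compile(r"^\} # server ")
GROUP = re.compile(r"^\+- entering group (\S+)")
RETURN = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")

def find_failures(log_text):
    """List each failing module with its virtual server, section and the
    last diagnostic line logged before it returned."""
    servers, section, last_msg, failures = [], None, None, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := SERVER_OPEN.match(line):
            servers.append(m.group(1))
            section = None
        elif SERVER_CLOSE.match(line):
            if servers:
                servers.pop()
            section = None  # the outer section is not known after the tunnel closes
        elif m := GROUP.match(line):
            section = m.group(1)
        elif m := RETURN.match(line):
            if m.group(2) in FAILING:
                failures.append({"server": servers[-1] if servers else None,
                                 "section": section, "module": m.group(1),
                                 "rcode": m.group(2), "reason": last_msg})
        elif line and not line.startswith("#"):
            last_msg = line
    return failures
```

On this excerpt the first entry returned is the pam module in the authenticate section of inner-tunnel, with the rlm_pam message as its reason; the eap entry outside the tunnel comes second.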

