Cross platform secure login on wpa2
Henti Smith
henti at geekware.co.za
Tue Dec 20 10:27:04 CET 2016
On 19 December 2016 at 23:54, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
wrote:
> Hi Henti,
>
Hi Stefan,
> >Authentication is still not working, but at least I'm now getting krb auth
> >attempts, which fails due to 'Attribute "User-Password" is required for
> >authentication'
>
> Ok, that's progress.
>
I got it working after adding phase2 pap to the client test on the local
machine. I'm using rad_eap_test which is a wrapper around eapol_test
> > # Linked to sub-module rlm_eap_ttls
> > ttls {
> > tls = "tls-common"
> > default_eap_type = "md5"
>
> Hmmm, this is still set to 'md5'. I'd set this (in the
> 'mods-available/eap' file under 'ttls') to 'gtc'. That way the default is
> generic token card, not MD5.
>
I've updated the above and tested locally and working.
When I try to connect with an android device using
* eap method : TTLS
* Phase-2 auth : PAP
and I get :
WARNING: !! EAP session for state 0x3e833be03884222b... did not finish!
WARNING: !! Please read
http://wiki.freeradius.org/guide/Certificate_Compatibility
Which I read and using the guide at
http://deployingradius.com/documents/configuration/certificates.html
created new certs as I was using our wildcard certs before from
Comodo.
I also installed the ca cert on the android device and still getting
the same error.
I've placed the logs here : https://hastebin.com/rufukabebu.sql
Regards
Henti
--
--
More information about the Freeradius-Users
mailing list