Cross platform secure login on wpa2
Henti Smith
henti at geekware.co.za
Tue Dec 20 12:34:19 CET 2016
On 20 December 2016 at 11:16, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
wrote:
> > I got it working after adding phase2 pap to the client test on the local
> > machine. I'm using rad_eap_test which is a wrapper around eapol_test
>
> Ok. That *should* work.
>
I was really hoping as well.
> > When I try to connect with an android device using
> >
> > * eap method : TTLS
> > * Phase-2 auth : PAP
> [8<]
> > I've placed the logs here : https://hastebin.com/rufukabebu.sql
>
> For Matthew, Alan D et al who prefer raw text, try
> https://hastebin.com/raw/rufukabebu
Thanks. I didn't know you could do that.
> > # Executing group from file /etc/freeradius/sites-enabled/default
> > +group authenticate {
> > [eap] EAP Identity
> > [eap] processing type md5
> > rlm_eap_md5: Issuing Challenge
>
> Ok, it appears that /etc/freeradius/eap.conf sets the default EAP type to
> 'md5'. Change that to 'ttls', otherwise you waste time negotiating EAP
> types.
>
> Looking at the log, the session never gets to the inner-tunnel... so it
> never gets to do the Kerberos song-and-dance. It terminates before then.
>
Updated eap.conf to default eap to ttls
Same problem. Still not getting to inner-tunnel.
https://hastebin.com/raw/dosodefozi
H
--
--
More information about the Freeradius-Users
mailing list