WPA2 Enterprise: Access-Accept but not connected

Arno Tarpin arno.tarpin at gmail.com
Thu Jan 12 14:41:12 CET 2017


Thanks for your answer,

I tried many things and I finally found the problem:

In the eap.conf:

> eap {
>     default_eap_type = ttls
>     timer_expire     = 60
>     ignore_unknown_eap_types = no
>     cisco_accounting_username_bug = no
>     max_sessions = 4096
>     tls {
>         certdir = ${confdir}/certs
>         cadir = ${confdir}/certs
>         private_key_password = whatever
>         private_key_file = ${certdir}/server.key
>         certificate_file = ${certdir}/server.pem
>         CA_file = ${cadir}/ca.pem
>         dh_file = ${certdir}/dh
>         random_file = /dev/urandom
>         CA_path = ${cadir}
>         cipher_list = "DEFAULT"
>         make_cert_command = "${certdir}/bootstrap"
>         ecdh_curve = "prime256v1"
>         cache {
>             enable = no
>             lifetime = 24 # hours
>             max_entries = 255
>         }
>     }
>     ttls {
>         default_eap_type = mschapv2
>         copy_request_to_tunnel = yes
>         use_tunneled_reply = yes
>         virtual_server = "inner-tunnel"
>     }
>     peap {
>         default_eap_type = mschapv2
>         copy_request_to_tunnel = yes
>         use_tunneled_reply = yes
>         virtual_server = "inner-tunnel"
>     }
>     mschapv2 {
>     }
> }

I changed the

eap {
    default_eap_type = ttls

to

eap {
    default_eap_type = mschapv2

and added in the mschapv2:

    mschapv2 {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
    }

This works for me but I still don't know why; for me, *default_eap_type =
ttls* at the beginning should point to:

>     ttls {
>         default_eap_type = mschapv2
>         copy_request_to_tunnel = yes
>         use_tunneled_reply = yes
>         virtual_server = "inner-tunnel"
>     }

Which points to the module/mschap file?

Anyway, now it seems to work. Thank you for your support!

2017-01-12 11:51 GMT+01:00 Matthew Newton <mcn4 at leicester.ac.uk>:

> On Thu, Jan 12, 2017 at 10:18:04AM +0100, Arno Tarpin wrote:
> > First I'm sorry for my bad English...
>
> Your English is good.
>
> > I just installed FreeRADIUS (using this tutorial
> > <https://blog.fenrir.fr/2013/09/07/655/>), everything works (I get an
>
> The best instructions to follow are generally Alan DeKok's at
> http://deployingradius.com/
>
> > access-accept when I try the radtest command) but when I try to connect to the
> > AP using WPA2 Enterprise, my device (I use an iPhone but with a laptop I
> > get the same problem) doesn't connect.
>
> > Sending Access-Accept of id 27 to 192.168.11.122 port 55831
> >         MS-MPPE-Encryption-Policy = 0x00000002
> >         MS-MPPE-Encryption-Types = 0x00000004
> >         MS-MPPE-Send-Key = 0xd2945975ecf1a221e1ee1d070d2891dd
> >         MS-MPPE-Recv-Key = 0x834f4d25d1269b7014c27c5140b1f898
> >         Message-Authenticator = 0x00000000000000000000000000000000
> >         User-Name = "a.tarpin"
> >         MS-MPPE-Recv-Key = 0xe27cfc4aeaf04ba460adf86811d3c2a068b52bbe4e30d0e79c48a1d801de5bbc
> >         MS-MPPE-Send-Key = 0x4e3c07e4df836b2af32406a60a1ba337d035d39c2608723f6c43a54c636db116
> >         EAP-Message = 0x037c0004
>
> You've got two sets of MS-MPPE-Recv-Key/MS-MPPE-Send-Key.
>
> If you've set use_tunneled_reply = yes in the eap ttls
> configuration, set it back to "no" again and try again.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
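A check for the symptom pointed out in the reply above (two sets of MS-MPPE-Send-Key / MS-MPPE-Recv-Key in one Access-Accept), as an added example that is not part of the original thread. It parses a debug-output reply, re-joins hex values that a mail client wrapped, and reports key attributes that occur more than once; the sample log, address and key values are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted debug output; all values are made up.
SAMPLE = """\
> > Sending Access-Accept of id 27 to 192.0.2.10 port 55831
> >         MS-MPPE-Encryption-Policy = 0x00000002
> >         MS-MPPE-Send-Key = 0x00112233445566778899aabbccddeeff
> >         MS-MPPE-Recv-Key = 0xffeeddccbbaa99887766554433221100
> >         User-Name = "testuser"
> >         MS-MPPE-Recv-Key = 0x0102030405060708090a0b0c0d0e
> 0f101112131415161718191a1b1c1d1e1f20
> >         MS-MPPE-Send-Key = 0x2122232425262728292a2b2c2d2e
> 2f303132333435363738393a3b3c3d3e3f40
> >         EAP-Message = 0x037c0004
"""

ATTR = re.compile(r"^([A-Za-z][\w-]*)\s*=\s*(.+)$")
HEX_TAIL = re.compile(r"^[0-9a-fA-F]+$")
KEY_ATTRS = ("MS-MPPE-Send-Key", "MS-MPPE-Recv-Key")

def parse_reply(text):
    """Return {attribute: [values]} for the first Access-Accept in text."""
    attrs, last, in_reply = defaultdict(list), None, False
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).strip()   # drop mail quote markers
        if line.startswith("Sending Access-Accept"):
            in_reply = True
            continue
        if not in_reply or not line:
            continue
        m = ATTR.match(line)
        if m:
            last = m.group(1)
            attrs[last].append(m.group(2))
        elif last and HEX_TAIL.match(line) and attrs[last][-1].startswith("0x"):
            attrs[last][-1] += line                   # re-join a wrapped hex value
        else:
            break                                     # end of the attribute list
    return dict(attrs)

def duplicate_keys(attrs):
    """Map each MPPE key attribute sent more than once to its value lengths in bytes."""
    return {name: [(len(v) - 2) // 2 for v in attrs[name]]
            for name in KEY_ATTRS if len(attrs.get(name, [])) > 1}

if __name__ == "__main__":
    for name, sizes in duplicate_keys(parse_reply(SAMPLE)).items():
        print(f"{name} sent {len(sizes)} times, lengths {sizes} bytes")
```

An empty result from duplicate_keys() means the reply carries at most one of each key attribute.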