WPA2 entreprise : Access-Accept but not connected
Alan DeKok
aland at deployingradius.com
Thu Jan 12 15:13:57 CET 2017
On Jan 12, 2017, at 8:41 AM, Arno Tarpin <arno.tarpin at gmail.com> wrote:
>
> Thanks for your answer,
>
> I try many thing and I finally found the problem :
...
> I change the
>
> eap {
>
> default_eap_type = ttls
>
> to
>
>> eap {
>
> default_eap_type = mschapv2
That just changes EAP method negotiation. It should have zero effect on *success* of authentication.
If your users are authenticating via TTLS, this change just makes the authentication take longer.
> and add in the mschapv2 :
>
> mschapv2 {
>
> default_eap_type = mschapv2
>
> copy_request_to_tunnel = yes
>
> use_tunneled_reply = yes
>
> virtual_server = "inner-tunnel"
>
> }
All of that is wrong. It does *nothing*. You should delete the contents of that section, and go back to using the default configuration.
You can't just copy configuration items from one place to another. The configuration is documented *extensively* in the comments.
On top of that, run "radiusd -X" and read the output. You'll see the "mschapv2" section being parsed, and that none of the configuration you added is being printed out. Why? Because it's not used.
> This work for me but I still don't know why, for me *default_eap_type =
> ttls* at the begin should point to :
>
> ttls {
>>
>> default_eap_type = mschapv2
>>
>> copy_request_to_tunnel = yes
>>
>> use_tunneled_reply = yes
>>
>> virtual_server = "inner-tunnel"
>>
>> }
>>
>> Which point to the module/mschap file ?
>
> Anyway now it's seem to work, Thanks you for your support !
Whatever you did, the changes above didn't affect anything. And I don't recommend people making these changes.
Again, making random changes to the configuration is entirely the wrong approach. You need to understand what the configuration does. You need to read the debug output. You need to configure things to work.
Alan DeKok.
More information about the Freeradius-Users
mailing list