no response from eap challenge

Alan DeKok aland at deployingradius.com
Mon May 10 21:44:40 CEST 2021


On May 10, 2021, at 1:31 PM, Bill Schoolfield <bill at billmax.com> wrote:
> 
> I'm having difficulty getting eap-ttls to work for a cambium 450 AP and SM. As far as I know (I took over this project from someone else), I have a relatively stock setup (using the cert generated by freeradius, etc) with few changes to configuration. Initially I tried to get the cambium equipment working and ran into tls versions issues. It appears the cambium equipment only works on tls 1.0 (yes I know this is bad). So I've set the min and max tls versions accordingly. Now I have the situation where the server gets no response from the eap challenge.

  That's almost always due to the client not liking (or knowing about) the server certificate, and/or the CA cert.

> I also have tried the radeapclient and I get the same result. The log for the radeapclient and freeradius are listed below. Suggestions on what is wrong?

  radeapclient does EAP-MD5.  It doesn't do EAP-TLS.  You'll need eapol_test for that.

  Make sure that the supplicant has the correct CA configured.  And hopefully the supplicant has useful logs.  :(

  Alan DeKok.




More information about the Freeradius-Users mailing list