<div>
<p>Hi all,</p>
<p>I have been trying to figure this out for a couple of days, but could not get any clue. My test is about authentication with EAP-TTLS/MSCHAPV2.</p>
<p>I am using FreeRADIUS v1.1.3 on Solaris 10.</p>
<p>No matter what I do, I get "rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request" at the server.</p>
<p>Can anybody help me figure out what went wrong? Here are my configs and logs (truncated).</p>
<p>Awaiting a solution...</p>
<p>Rafi</p>
<p> </p>
<p> </p>
<p>Here is my eap.conf</p>
<pre>
eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no

    md5 {
    }

    leap {
    }

    gtc {
        auth_type = PAP
    }

    tls {
        rsa_key_exchange = yes
        dh_key_exchange = no
        rsa_key_length = 1024
        dh_key_length = 1024
        verify_depth = 2
        pem_file_type = yes
        private_key_password = "wimax i2 test certs"
        private_key_file = /etc/freeradius/etc/certs/key2.pem
        certificate_file = /etc/freeradius/etc/certs/cert2.pem
        CA_file = /etc/freeradius/etc/certs/cacert.pem
        dh_file = /etc/freeradius/etc/certs/dh
        random_file = /etc/freeradius/etc/certs/random
        fragment_size = 1024
        include_length = yes
        check_cert_cn = %{User-Name}
    }

    ttls {
        default_eap_type = mschapv2
        # copy_request_to_tunnel = no
        # use_tunneled_reply = no
    }

    peap {
        default_eap_type = mschapv2
        # copy_request_to_tunnel = no
        # use_tunneled_reply = no
        # proxy_tunneled_request_as_eap = yes
    }

    mschapv2 {
    }
}
</pre></div>
<div> </div>
<div> </div>
<div>Here is my users file :</div>
<div> </div>
<div>"testuser" Auth-Type := EAP, User-Password := "testuser"</div>
<div>
<p>DEFAULT Auth-Type := EAP<br></p></div>
<div> </div>
<div>Here is my supplicant config :</div>
<div># cat supplicant.conf<br>ctrl_interface=/var/tmp/supplicant.ctl<br>eap_trace=1<br>enableWiMAXauth=1<br>validateFNECerts=1<br>checkCRL=1<br>ignoreTimeOfDay=0<br>update_config=0<br>data_interface=/var/tmp/supplicant_data.ctl
<br>ap_scan=0<br>fast_reauth=1<br>load_dynamic=/usr/lib/wpa_supplicant/eap_ttls.so<br>network={<br>eap=TTLS<br>eap_workaround=1<br>anonymous_identity="anonymous_identity"<br>ca_path="/var/tmp/truststore"
<br>ca_cert="/var/tmp/root.crt"<br>client_cert="/var/tmp/cpe.crt"<br>private_key="/var/tmp/key"<br>private_key_passwd="wimax i2 test certs"<br>phase2="auth=MSCHAPV2"<br>}</div>
<div> </div>
<div>Here is the radius log (only showing the failed part)</div>
<div> </div>
<div>rlm_fastusers: checking defaults<br> fastusers: Matched DEFAULT at 6<br> modcall[authorize]: module "fastusers" returns updated for request 1<br>modcall: leaving group authorize (returns updated) for request 1
<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group authenticate for request 1<br>
<font color="#ff0000">rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request</font><br> rlm_eap: Failed in handler<br> modcall[authenticate]: module "eap" returns invalid for request 1<br>modcall: leaving group authenticate (returns invalid) for request 1
<br><br> </div>