<div>Hello Hoercher,</div>
<div> </div>
<div>Please see below answers/questions (i<font color="#ff0000">n red</font>):<br><br>ok, i played around a bit and found EAP-TTLS working with no<br>particular problems.<br><br>On 10/21/06, Rafiqul Ahsan <<a href="mailto:rafiqul.ahsan@gmail.com">
rafiqul.ahsan@gmail.com</a>> wrote:<br>> "testuser" User-Password := "testuser"<br>looks ok, but I'm not absolutely sure about the quotation marks for<br>the username, they are not needed in any case.
</div>
<div> </div>
<div><font color="#ff0000">testuser User-Password :="testuser"</font></div>
<div><font color="#ff0000">I will try with only above entry in users file</font></div>
<div><br> </div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> the error was about no matching "anonymous_identity", and thats why I had to<br>> have a DEFAULT entry after this with Auth-Type :=EAP.
<br><br>As you didn't show that error one cannot check for it's real cause.<br>Everything else correctly configured you don't need that setting (and<br>it might be actually wrong depending on circumstances).</blockquote>
<div> </div>
<div><font color="#ff0000">OK, I found some positings about username_identity_check disabling for user "anonymous"...here it is</font></div>
<div><font color="#ff0000"></font> </div>
<div><font color="#ff0000">Quote</font></div>
<div><font color="#000099">I guess since somebody implemented this check, there must be some broken NASes out there... and<br>the attached patch fixes this situation. If user sets "username_identity_check = no" in
<br>eap section it will disable this check. The default for this setting is "yes".</font></div>
<div><font color="#ff0000">Unquote</font></div>
<div> </div>
<div><font color="#ff0000">So, now I have added this patch to files eap.c, rlm_eap.h, and rlm_eap.c, compiled. I will test it this on monday.I am expecting this patch will lead to pass this anonymous user check phase in radius
server.I will post you the result on that. Please let me know if you are aware of this.</font><br> </div>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> Do you suggest any particular format of my users file ? Please note, the<br>> phase 1 user identity is "anonymous_identity", and phase 2 user/passwd is
<br>> "testuser/testuser".<br><br>I did take note. So, take an unaltered users file and just add your<br>line as mentioned above.<br>Something I found in your previous post led to an failure here. Use<br>phase2="autheap=MSCHAPV2"
<br>instead of<br>phase2="auth=MSCHAPV2"</blockquote>
<div> </div>
<div><font color="#cc0000">Not sure where we configure this phase2="autheap=MSCHAPV2" ? Are we at phase 2 yet ? I thought we have not passed the phase 1..can you pls clarify ?</font></div><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> modcall: entering group authenticate for request 1^M<br>> rlm_eap: Either EAP-request timed out OR EAP-response to an unknown
<br>> EAP-request^M<br><br>That does look strange (and might indicate your real problem), if it<br>still persists with the suggested changes it might be useful to dig<br>further into that. Perhaps you could add another -x to the freeradius
<br>invocation to get timestamps on the logfile.</blockquote>
<div> </div>
<div> </div>
<div><font color="#ff0000">I will test with the above patch - and see if we can pass the anonymous identity check problem. If persists - I will recompile with original files mentioned above, and test again to give you the full debug logs.
</font></div>
<div><font color="#ff0000"></font> </div>
<div><font color="#ff0000">Thanks</font></div>
<div><font color="#ff0000">Rafi</font></div><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">regards<br>K. Hoercher<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a><br></blockquote><br><br clear="all"><br><br>