Thing is that, colleague has a software, developed by his company, I cannot disclose which one, that can test eap-gtc,and that works. And the thing is, when he tries to connect to freeradius server I set up, he cannot auth with domain username and pw. He can auth with EAP-TLS, EAP-TTLS with PAP, EAP-mschapv1 and EAP-mschapv2 and the only thing left to try is EAP-GTC. So my question is, what need's to be done on server side to make that happen?<br>
<div class="gmail_quote">
<br>This is server output<br><br><font size="4"><code><span style="color: rgb(0, 0, 0);">[eap] No EAP Start, assuming it's an on-going EAP conversation
<br>++[eap] returns updated
<br><div class="im">++[files] returns noop
<br>++[expiration] returns noop
<br>++[logintime] returns noop
<br>++[pap] returns noop
<br></div>++? if (!control:Auth-Type)
<br>? Evaluating !(control:Auth-Type) -> FALSE
<br>++? if (!control:Auth-Type) -> FALSE
<br>Found Auth-Type = EAP
<br>+- entering group authenticate {...}
<br>[eap] Request found, released from the list
<br>[eap] EAP/gtc
<br>[eap] processing type gtc
<br>[gtc] +- entering group PAP {...}
<br>[pap] login attempt with password "testpass"
<br>[pap] No password configured for the user. Cannot do authentication
<br>++[pap] returns fail
<br>[eap] Handler failed in EAP/gtc
<br><div class="im">[eap] Failed in EAP select
<br>++[eap] returns invalid
<br>Failed to authenticate the user.
<br></div><div class="im">} # server inner-tunnel
<br>[ttls] Got tunneled reply code 3
<br></div> EAP-Message = 0x04030004
<br> Message-Authenticator = 0x00000000000000000000000000000000
<br><div class="im">[ttls] Got tunneled Access-Reject
<br></div> SSL: Removing session 28767d93f75a91c5975ff5a5bb2862e3703de9c700b7e4e1a6db061068d2a37a from the cache
<br><div class="im">[eap] Handler failed in EAP/ttls
<br></div>rlm_eap_ttls: Freeing handler for user test
<br><div class="im">[eap] Failed in EAP select
<br>++[eap] returns invalid
<br>Failed to authenticate the user.
<br></div>Using Post-Auth-Type Reject
<br>+- entering group REJECT {...}
<br>[attr_filter.access_reject] expand: %{User-Name} -> Anonymous
<br> attr_filter: Matched entry DEFAULT at line 11
<br>++[attr_filter.access_reject] returns updated
</span></code></font><br><br><font face="arial,helvetica,sans-serif"><font size="2">So my question is, what needs to be setup in order to make eap-gtc work with win2k3 domain?<br><br>Thanks once again, you've been most helpful<br>
<br>Cheers,<br><font color="#888888"><br>Petar<br></font></font></font><div><div></div><div class="h5"><br><div class="gmail_quote">On Fri, Jun 26, 2009 at 14:10, Ivan Kalik <span dir="ltr"><<a href="mailto:tnt@kalik.net" target="_blank">tnt@kalik.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>> All of this is for testing purposes. So, I just need all of those methods<br>
> to<br>
> work, if it can't work with domain, then cleartext password will be fine.<br>
> Can you give me some more info about seting up TTLS-GTC, testing is being<br>
> done on Windows XP. Also, for EAP-TTLS with chap, enabling user is enough,<br>
> right?<br>
<br>
</div>Every method that works with passwords will work with Cleartext-Password<br>
in users file. Working with encrypted passwords is restricting choice.<br>
<br>
wpa_supplicant has a Windows port. It should work with all the mentioned<br>
protocols. For download and documentation (installation, configuration)<br>
look up their site. Their testing tool (eapol_test) is used extensively by<br>
freeradius developers for testing EAP protocols without the hardware.<br>
<div><div></div><div><br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
</div></div></blockquote></div><br>
</div></div></div><br>