On 11/30/2010 11:05 AM, John McDonnell wrote:
-----Original Message----- On Behalf Of Andrew Bovill
Hi,
I'm trying to get WPA Enterprise EAP/TLS working with my wireless router. It appears that the TLS portion of the authentication works (valid certificates give me a working connection) but it does NOT appear to actually be checking the username/password combination that is also sent along the line.
I have followed the WPA_HOWTO as best I could (my clients are OS X and Android and Gentoo, not Windows XP) but I can't figure out how to 'fail' an auth attempt with an invalid user/pass combination.
Here is the debug output: Thanks for any advice. I didn't want to start reconfiguring with a shotgun :) *snipped* IIRC, that is how EAP-TLS works. If the client has a valid certificate, it can connect.
Check this previous message that is similar to what I think you are trying to do: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg66246.h tml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Cool, I was wondering about that.
It just seems weird that nearly ALL of the suplicants I've used *require* me to give a username/password (or at least an Identifier + password) in addition to the unlocked certificate. Maybe a better question is: What's the point of the username/pass that's also being sent by the supplicant? Thanks --Andrew Bovill