On 19 December 2016 at 23:54, Stefan Paetow <Stefan.Paetow@jisc.ac.uk> wrote:
Hi Henti,
Hi Stefan,
Authentication is still not working, but at least I'm now getting krb auth attempts, which fails due to 'Attribute "User-Password" is required for authentication'
Ok, that's progress.
I got it working after adding phase2 pap to the client test on the local machine. I'm using rad_eap_test which is a wrapper around eapol_test
# Linked to sub-module rlm_eap_ttls ttls { tls = "tls-common" default_eap_type = "md5"
Hmmm, this is still set to 'md5'. I'd set this (in the 'mods-available/eap' file under 'ttls') to 'gtc'. That way the default is generic token card, not MD5.
I've updated the above and tested locally and working. When I try to connect with an android device using * eap method : TTLS * Phase-2 auth : PAP and I get : WARNING: !! EAP session for state 0x3e833be03884222b... did not finish! WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility Which I read and using the guide at http://deployingradius.com/documents/configuration/certificates.html created new certs as I was using our wildcard certs before from Comodo. I also installed the ca cert on the android device and still getting the same error. I've placed the logs here : https://hastebin.com/rufukabebu.sql Regards Henti -- --