On Feb 24, 2015, at 12:08 PM, Dominik Menke <dom@digineo.de> wrote:
I'm trying to secure my wireless networks with RADIUS, so that any combination of username/password will let the user in.
That isn’t very secure.
So far I tried to add this line to my `users` file:
DEFAULT Auth-Type := Accept
That won’t work.
With radtest I could get a positive feedback, but when I wire up the RADIUS server with my wireless AP and try to connect (via EAP-TTLS/MSCHAPv2), no connection is established.
Exactly. MS-CHAPv2 *requires* that the server know the users correct password. You need to do two things: 1) configure the clients to use TTLS/PAP instead of MS-CHAP 2) update the “users” file entry to say: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Accept Then TTLS/PAP should work. Nothing else will work, though. Alan DeKok.