Terry Kantorowski wrote:
Per your request. I have included the debug output from freeradius. You will see that my test user "rickjames" authenticates just fine. The problem I am having is that the attribute value pairs for his group are not passed and so he never actually "connects" to the wireless network. The AVPs are missing when I try to connect with a device using PEAP, but present when I force connect with TTLS. I did not see this until I ran tcpdump.
Which is why all of the documentation tells you to run the server in debugging mode, and to read the output.
Thanks for taking the time to look at this.
It should be pretty clear from the output. There's a lot of it, but reading it is simple.
(11) eap_peap : Got tunneled reply code 2 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed MS-MPPE-Send-Key = 0x179df4ed5c7771b6728858f3b86294c2 MS-MPPE-Recv-Key = 0xb9fea9733904585d418bc4af62e467f3 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = 'rickjames'
So... no authorization attributes are in the tunnel. Fix that. Alan DeKok.