Thanks for your answer, I try many thing and I finally found the problem : In the eap.conf : eap {
default_eap_type = ttls
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = /dev/urandom
CA_path = ${cadir}
cipher_list = "DEFAULT"
make_cert_command = "${certdir}/bootstrap"
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24 # hours
max_entries = 255
}
}
ttls {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
mschapv2 {
}
}
I change the eap { default_eap_type = ttls to
eap {
default_eap_type = mschapv2 and add in the mschapv2 : mschapv2 { default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "inner-tunnel" } This work for me but I still don't know why, for me *default_eap_type = ttls* at the begin should point to : ttls {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
}
Which point to the module/mschap file ?
Anyway now it's seem to work, Thanks you for your support ! 2017-01-12 11:51 GMT+01:00 Matthew Newton <mcn4@leicester.ac.uk>:
On Thu, Jan 12, 2017 at 10:18:04AM +0100, Arno Tarpin wrote:
First I'm sorry for my bad English...
Your English is good.
I just install Freeradius (using this tutorial <https://blog.fenrir.fr/2013/09/07/655/>), everything work (I get a
The best instructions to follow are generally Alan DeKok's at http://deployingradius.com/
access-accept when I try the radtest command) but when I try connect to the AP using WPA2 Entreprise, my devise (I use an Iphone but with a Laptop I get the same problem) don't connect.
Sending Access-Accept of id 27 to 192.168.11.122 port 55831 MS-MPPE-Encryption-Policy = 0x00000002 MS-MPPE-Encryption-Types = 0x00000004 MS-MPPE-Send-Key = 0xd2945975ecf1a221e1ee1d070d2891dd MS-MPPE-Recv-Key = 0x834f4d25d1269b7014c27c5140b1f898 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "a.tarpin" MS-MPPE-Recv-Key = 0xe27cfc4aeaf04ba460adf86811d3 c2a068b52bbe4e30d0e79c48a1d801de5bbc MS-MPPE-Send-Key = 0x4e3c07e4df836b2af32406a60a1b a337d035d39c2608723f6c43a54c636db116 EAP-Message = 0x037c0004
You've got two sets of MS-MPPE-Recv-Key/MS-MPPE-Send-Key.
If you've set use_tunneled_reply = yes in the eap ttls configuration, set it back to "no" again and try again.
Matthew
-- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html