David Trinh wrote:
I would like to test the security feature 802.1x EAP-TLS of our product. I set up FreeRadius and used the demo certificates. However, the server keeps rejecting access.
I noticed that the server complains about <no User Password attribute>, but the wireless device (supplicant) does not have a place for me to enter the password, only the login.
That's how EAP-TLS works. There's no password. The debugging information says there's no password... because there's no password. It's OK.
So how to I configure FreeRadius to ignore the password attribute? Please help.
You don't. The problem is elsewhere:
Here is the log when run in debug mode: ... rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for bad type 0 rlm_eap: Failed in EAP select
The EAP supplicant you're using doesn't want to do EAP-TLS, and told the server that there are no EAP types it can use. Fix the supplicant to do EAP-TLS. Alan DeKok.