Hello all,
I have been struggling to get the EAP-TTLS to work.
I have been following this guide: http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html
And i think the setup of all things has gone fine (biggest problem i had was
creating the certifcates).
I have tested the connection with "raddtest" and the tool
"NTRadPing" and everything seems ok.
However when i try to connect from my Linux machine using WPA supplicant, the
following errors appear in the Radius server console:
...................................................................................
Going to the next request
Waking up in 4.9 seconds.
User-Name = "johan@mediavisiongroup.se"
NAS-IP-Address = 192.168.1.144
Called-Station-Id =
"00-20-a6-64-c3-b1:MVG-Personal"
Calling-Station-Id =
"00-0f-cb-f9-3b-f9;MVG-Personal"
NAS-Identifier = "MVG-1"
State = 0xdea187e5dea3836d25979821eb25f055
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200060315
Message-Authenticator =
0x80154e870b93b69627ead5a0eee17643
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "mediavisiongroup.se" for
User-Name = "johan@med
iavisiongroup.se"
rlm_realm: No such realm "mediavisiongroup.se"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010300061520
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xdea187e5dfa2926d25979821eb25f055
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 48 with timestamp +3
Cleaning up request 1 ID 49 with timestamp +3
Ready to process requests.
...................................................................................
The connection conf from the Linux box is (/etc/wpa_supplicant.conf):
network={
ssid="MVG-Personal"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="johan@mediavisiongroup.se"
anonymous_identity="anonymous@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase2="auth=MD5"
}
- I am guessing that the /etc/cert/ca.pem is the "client
certification" i created from the freeradius.
- User and password above (in the file /etc/wpa_supplicant.conf) do exist and
is correct. They match the user and password in the file on the freeradius
"/usr/local/etc/raddb/users".
...................................................................................
Also so i understand this, three certficates are needed for EAP-TTLS ?
CA= root certifcate stored on the freeradius machine
Server = certifcate also stored on the freeradius machine
Client = certifcate copied to the client trying to connect
And on the client the path in the "wpa_supplicant.conf" to the client
certificate is correct.
In
short: the client seem to connect to the freeradius, but i am getting no IP to
the client.
...................................................................................
Thanks very much for help!
Best regards,
Johan