On Mon, Jan 19, 2015 at 02:08:13PM -0800, Jim Shi wrote:
I try test PEAP following steps described in http://www.freesoftwaremagazine.com/articles/howto_incremental_setup_freerad...
That article is nearly 7 years old. Be careful in case anything is out of date.
it says to send the following to radius server:
$ cat eapol_test.conf.peap network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity="testuser" password="password" ca_cert="/home/gcheng/myCA/cacert.pem" phase2="auth=MSCHAPV2" anonymous_identity="anonymous" }
When running the test, I noticed that it sends “anonymous” user to the server and the server try to authenticate user “anonymous” and failed.
Because you set your anonymous_identity to "anonymous".
Any ideas what is “anonymous” here? Do we need set up password for “anonymous” on the server?
No, this is the User-Name used for the outer request. The real identity, "testuser", will be sent in the inner PEAP tunnel. Run the server in debug mode (-X) and read the output. It will tell you what went wrong. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>