greg.huber wrote:
I few releases back we had EAP-TTLS/TLS working (maybe 2 years ago??) Since then it has stopped and I am having trouble finding the root cause. Protocols like EAP-TLS and EAP-TTLS/MSCHAPV2 are working, and I verified the certificates and keys.
It should work, though I haven't tested it recently.
I have attached the output from 'radiusd -X' below. I see a lot of posts have a nice condensed dump of the configuration, if someone could tell me how to get the dump I will attach it also.
"radiusd -X". It will print out the configuration it reads.
Near the end is the statement:
[ttls] WARNING: diameter2vp skipping long attribute 3005705648, attr
Hmm... that's wrong. It looks like your C compiler is broken. Which OS / C compiler are you using? What supplicant are you using?
I found this in the source code but am not sure if is is part of the problem or just a non-fatal warning.
The debug log shows it's the cause of the error. The supplicant is sending some weird non-EAP data inside of the tunnel. This is one case where you should run "radiusd -Xx", do the authentication, and post it to the list. The extra "x" will cause the server to print out a hex dump of the data inside of the tunnel. That will help us figure out what's going wrong. You don't need to post all of the debug output. Just the line: [ttls] Session established. Proceeding to decode tunneled attributes. and then the hex dump, which should be shortly after that. Alan DeKok.