On Monday 04 December 2006 10:17, Bruno Costacurta wrote:
On Monday 04 December 2006 06:09, Alan DeKok wrote:
Bruno Costacurta wrote:
Hello, I'm trying to configure FreeRadius using TTLS but got confused about the User/Password definiton and/or location as it seems that (please see log hereafter) user is found but not the password. Currently I indicate it in table radcheck in MySQL.
Are you sure? The debug output doesn't seem to say that. Or, you've edited rather a lot of it.
Debug: rad_check_password: Found Auth-Type Local Debug: auth: type Local Debug: auth: No User-Password or CHAP-Password attribute in the request
So... you forced Auth-Type to Local. Why?
I did not force any Auth-Type to Local (as far as I know...if so where to check this ?)
However, accepted the fact User-Password or CHAP-Password are valid with TTLS so Auth-Type=Local is acceptable (correct me If I'm wrong) where can I indicate these values so the request contain them ?
in file 'users' acer9100 Auth-Type := EAP
Why? The comments in eap.conf make it clear that this is wrong.
I tried few options for file 'users' without any change. Same if there is no entry at all. So what are valid types here ?
Remark: indeed this EAP option is confusing in file 'users': implemented but not to be used ?
Thanks for your attention. -Bruno
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I noticed my previous explanations/questions are maybe cumbersome. Some clarifications hereafter : I'm trying to configure FreeRadius using TTLS (certificate on server side only) and MySQL. Client is a Linux laptop using wpa_supplicant. I'm in a learning curve regarding 802.1x and FreeRadius and especially TTLS. Note : however the config was working before Auth-Type and/or MySQL tables (apparently) were touched (but at least this can valid certain part of the config like the certificate). Questions: - TTLS available authentications are: CHAP,PAP,MS-CHAP,EAP (correct ?) - 'Auth-Type=local' means CHAP,PAP and MS-CHAP (correct ?) - for the learning curve : --- which is the easiest authentications to start with ? --- MySQL will be removed at the first stage to ease debugging / setup of the config (good idea ?) Thanks for attention and remarks, Bruno