On 02/05/2018 10:43, Nick Howitt wrote:
On 02/05/2018 10:02, Adam Bishop wrote:
On 2 May 2018, at 09:55, Nick Howitt <nick@howitts.co.uk> wrote:
eap { default_eap_type = "md5" You probably want to set this to 'peap' or 'ttls' for wireless clients.
Adam Bishop Senior Infrastructure and Systems Architect
gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460 t: +44 (0)1235 822 245 xmpp: adamb@jabber.dev.ja.net
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Changing to peap gives:
Ready to process requests (0) Received Access-Request Id 128 from 172.22.22.2:3600 to 172.22.22.1:1812 length 81 (0) User-Name = "test1" (0) NAS-IP-Address = 172.22.22.2 (0) NAS-Port = 29 (0) NAS-Port-Type = Wireless-802.11 (0) Framed-MTU = 1396 (0) EAP-Message = 0x0200000a017465737431 (0) Message-Authenticator = 0x5ab518eaa9df382184bb9dc33fc6fe0e (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "test1", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) ntdomain: Checking for prefix before "\" (0) ntdomain: No '\' in User-Name = "test1", looking up realm NULL (0) ntdomain: No such realm "NULL" (0) [ntdomain] = noop (0) eap: Peer sent EAP Response (code 2) ID 0 length 10 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/raddb/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_peap to process data (0) eap_peap: Initiating new EAP-TLS session (0) eap_peap: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 1 length 6 (0) eap: EAP session adding &reply:State = 0x3e72e94e3e73f08d (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Sent Access-Challenge Id 128 from 172.22.22.1:1812 to 172.22.22.2:3600 length 0 (0) EAP-Message = 0x010100061920 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x3e72e94e3e73f08d09b1afbce1068a81 (0) Finished request Waking up in 4.9 seconds. (0) Cleaning up request packet ID 128 with timestamp +135 Ready to process requests
but no progress - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok so that's a day of my life I won't get back. Swapping the WAP from an old Draytek router to a not quite so old Buffalo router running Tomato and I can log in. Sorry for wasting your time.