TTLS working. Is it secure?
Hi, I was able to configure radius server, users can connect after entering user credentials. However I am not sure whether the configuration fully correct or not. In below, I pasted my radius daemon logs for only one authentication process. Entered username was true and password was false. Why there are 4 request for only one authentication process? What is wrong with it? What does "rlm_ldap: user tkiziloren authorized to use remote access" mean? The password is not true how can a user authorized although his/her password is false. Thanks in advance. Tevfik. rad_recv: Access-Request packet from host 10.10.7.203:1645, id=11, length=139 User-Name = "tkiziloren" Framed-MTU = 1400 Called-Station-Id = "0017.0e85.f190" Calling-Station-Id = "0011.2fb9.d08b" Service-Type = Login-User Message-Authenticator = 0x46e9a61e176eb2fad26f1f689c9edc79 EAP-Message = 0x0202000f01746b697a696c6f72656e NAS-Port-Type = Wireless-802.11 NAS-Port = 260 NAS-IP-Address = 10.10.7.203 NAS-Identifier = "testbaum" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 15 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 29 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: '(uid=tkiziloren)' radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 0 rlm_ldap: bind as / to ldap.anadolu.edu.tr:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_1x" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 11 to 10.10.7.203 port 1645 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbe88ae73ff01db2d490c7144a376c659 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.7.203:1645, id=12, length=202 User-Name = "tkiziloren" Framed-MTU = 1400 Called-Station-Id = "0017.0e85.f190" Calling-Station-Id = "0011.2fb9.d08b" Service-Type = Login-User Message-Authenticator = 0x1c053c94b8fa5bc90c998ed9517b8a7c EAP-Message = 0x0203003c158000000032160301002d0100002903014a5bc504f836fec860348fb73185a7cc772a9bdf5f440445d0eaedbc8e8ffa77000002000a0100 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0xbe88ae73ff01db2d490c7144a376c659 NAS-IP-Address = 10.10.7.203 NAS-Identifier = "testbaum" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 60 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 29 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: '(uid=tkiziloren)' radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_1x" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05e7], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 12 to 10.10.7.203 port 1645 EAP-Message = 0x0104040a15c000000644160301004a02000046030146446335adedcee21b0f7d388612e4511b161a05d7f60d50d05c530f0fbb556120d89b7e2fff61268e1088096ae7e5496aa5a0fc9da67f65c7f65e1d792a44f208000a0016030105e70b0005e30005e00002c5308202c13082022aa003020102020101300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a86 EAP-Message = 0x4886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333833325a170d3038303530373130333833325a3081a3310b300906035504061302545231123010060355040813095452416e61646f6c75311230100603550407130945736b697365686972311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d003081890281 EAP-Message = 0x8100aa7e832714838afb5c85df7c60afaf107142a9e077659f216e0b0cee26180413d2ce23bd4551cb0e7243dbae482db8757502159b52b08f8776b1fef8110ea8798dc7bd0db591296d73e37cad9a07ad8b1c1db6360104861ae0405cab03544b1ae33633df6a5403c79bdde9ab57ed2dcfe191f5f34418b555c953351acc461ce70203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181003c0a0c3e188348ce41725b4c062f8a8570a1bf407bb6ee3504b9df6a18e935fe2f8792c914c2eabadd85e6ea701ec99443a06e436152b7b9fd413cf44fbd09db68cdf3879c76ea673153 EAP-Message = 0xb8adc112064df7b8369c796d37251577569523b465b686408649adbb9f9006148c9e8df035dec411681b9365b9d317f44efd89b9b42b000315308203113082027aa003020102020100300d06092a864886f70d010105050030818f310b300906035504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e7472301e170d3037303530383130333734345a170d EAP-Message = 0x3130303530373130333734345a30818f310b30090603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdc75d5eda4e0cae9d79bba28bc969a70 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.7.203:1645, id=13, length=148 User-Name = "tkiziloren" Framed-MTU = 1400 Called-Station-Id = "0017.0e85.f190" Calling-Station-Id = "0011.2fb9.d08b" Service-Type = Login-User Message-Authenticator = 0x94a629eda2e1b020387e4292f0195afb EAP-Message = 0x020400061500 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0xdc75d5eda4e0cae9d79bba28bc969a70 NAS-IP-Address = 10.10.7.203 NAS-Identifier = "testbaum" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 29 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: '(uid=tkiziloren)' radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_1x" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 13 to 10.10.7.203 port 1645 EAP-Message = 0x0105024e1580000006445504061302545231123010060355040813095452416e61646f6c75311b3019060355040a1312416e61646f6c7520556e6976657273697479310d300b060355040b13044241554d311c301a060355040313136c6461702e616e61646f6c752e6564752e74723122302006092a864886f70d01090116136c64617040616e61646f6c752e6564752e747230819f300d06092a864886f70d010101050003818d0030818902818100f87fe052d754f4586d4e311ea15bb54cd7bbe1e505e648171bfa44c6a1523906cc31d776e4a8113dd3f002e7ddd43868af03076e0f4c57c6791845adc2f7732d909e58267dc127244ebe656f95 EAP-Message = 0xf53a09222a4a3451369f97a04391610dc4b77848268d41b7f9bc37f04654d00abdc0ee376c8aad064e5ac5a5a1595bffeea9b30203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e0416041450fd81eacea4e2d3d18547e154bc515d08630096301f0603551d2304183016801450fd81eacea4e2d3d18547e154bc515d08630096300d06092a864886f70d01010505000381810092f44ed2dade447e098f90432e2a2b58d93139471c0b41d3bbdebf1c2d09e321b43bbe2faad7d8c60e6642f5b6c2746fbb4be07033 EAP-Message = 0x4b77db5093871b2203bf2271cb97b98cc169c03f4f67d7a01261d971dfddc176cce3a42e1dd1e37037060a528db7e8481722e222549b882a93cfa582a29df0f1b401a28e197772410a1f1016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x601d05b1669ab2bed2334dbb4dbe4d93 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.7.203:1645, id=14, length=342 User-Name = "tkiziloren" Framed-MTU = 1400 Called-Station-Id = "0017.0e85.f190" Calling-Station-Id = "0011.2fb9.d08b" Service-Type = Login-User Message-Authenticator = 0xd740350b53fca08d4001aed5cb55bdd5 EAP-Message = 0x020500c81580000000be1603010086100000820080989a4f4fef1e07bdc30e36fef2b9fa53649b34891e3af4981558eff851af2c16e31edfadd788ed4caa1d9dd75fec547af24d81a30e3322652f9b3c6cf57c9e5638979da52036cc0d84e3671e2cd0e60c20c322c485f9d4893ed9a3202c3af09dae9c0f79d2a2a4a28838920c2a20dcfe9080af2e72ae3e3d4bab2353ca2dd2321403010001011603010028e030b00731ce0c04645a08c8b19879ac634ccc7264530fe9242eefa8c94c712d7f2b1f6194a2b777 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0x601d05b1669ab2bed2334dbb4dbe4d93 NAS-IP-Address = 10.10.7.203 NAS-Identifier = "testbaum" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 29 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: '(uid=tkiziloren)' radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_1x" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 14 to 10.10.7.203 port 1645 EAP-Message = 0x0106003d15800000003314030100010116030100281527d07e80080ef64fd3fc412609c08d94edb977645467e3ffb76ef7f04fc2cca1a0f8d6834de619 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x596d167bc9c74853ae5bd540423f3b81 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.10.7.203:1645, id=15, length=221 User-Name = "tkiziloren" Framed-MTU = 1400 Called-Station-Id = "0017.0e85.f190" Calling-Station-Id = "0011.2fb9.d08b" Service-Type = Login-User Message-Authenticator = 0x853240c191a67fa8675d6ccc5cd4abc3 EAP-Message = 0x0206004f1580000000451703010040cf6a442a8eef8f67c64a243cfc035a468d8b995f900af8238341332e934fc5adf057972e7723fdb6baa8a96d50184bc4ac3397ddd2963033bd8dd2ef5d184328 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0x596d167bc9c74853ae5bd540423f3b81 NAS-IP-Address = 10.10.7.203 NAS-Identifier = "testbaum" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 79 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 29 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: '(uid=tkiziloren)' radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_1x" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "tkiziloren", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 4 users: Matched entry DEFAULT at line 29 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for tkiziloren radius_xlat: '(uid=tkiziloren)' radius_xlat: 'ou=people,dc=anadolu,dc=edu,dc=tr' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=people,dc=anadolu,dc=edu,dc=tr, with filter (uid=tkiziloren) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user tkiziloren authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap_1x" returns ok for request 4 modcall: leaving group authorize (returns ok) for request 4 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group LDAP for request 4 rlm_ldap: - authenticate rlm_ldap: login attempt by "tkiziloren" with password "egermen" rlm_ldap: user DN: uid=tkiziloren,ou=people,dc=anadolu,dc=edu,dc=tr rlm_ldap: (re)connect to ldap.anadolu.edu.tr:389, authentication 1 rlm_ldap: bind as uid=tkiziloren,ou=people,dc=anadolu,dc=edu,dc=tr/egermen to ldap.anadolu.edu.tr:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind failed with invalid credentials rlm_ldap: modcall[authenticate]: module "ldap_1x" returns reject for request 4 modcall: leaving group LDAP (returns reject) for request 4 auth: Failed to validate the user. TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 4 modcall: leaving group authenticate (returns invalid) for request 4 auth: Failed to validate the user. Delaying request 4 for 1 seconds Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 15 to 10.10.7.203 port 1645 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 11 with timestamp 46446335 Cleaning up request 1 ID 12 with timestamp 46446335 Cleaning up request 2 ID 13 with timestamp 46446335 Cleaning up request 3 ID 14 with timestamp 46446335 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 15 with timestamp 46446336 Nothing to do. Sleeping until we see a request. -- View this message in context: http://www.nabble.com/TTLS-working.-Is-it-secure--tf3727367.html#a10431721 Sent from the FreeRadius - User mailing list archive at Nabble.com.
tevfik wrote:
Why there are 4 request for only one authentication process? What is wrong with it?
That's how EAP-TTLS works.
What does "rlm_ldap: user tkiziloren authorized to use remote access" mean?
See the comments for the "ldap" module in "radiusd.conf".
The password is not true how can a user authorized although his/her password is false.
Why do you want that? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
The password is not true how can a user authorized although his/her password is false.
Why do you want that?
Actually I don't want that. I just wonder why? Sorry for english. Could you suggest any book or source for learning ttls except rfc definitions? I really want to deeply understand it. Alan DeKok-4 wrote:
tevfik wrote:
Why there are 4 request for only one authentication process? What is wrong with it?
That's how EAP-TTLS works.
What does "rlm_ldap: user tkiziloren authorized to use remote access" mean?
See the comments for the "ldap" module in "radiusd.conf".
The password is not true how can a user authorized although his/her password is false.
Why do you want that?
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/TTLS-working.-Is-it-secure--tf3727367.html#a10433427 Sent from the FreeRadius - User mailing list archive at Nabble.com.
Tevfik Kiziloren wrote:
Could you suggest any book or source for learning ttls except rfc definitions?
I really want to deeply understand it.
If you want to deeply understand it, the only choice is to read the standards. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Why there are 4 request for only one authentication process?
That's quite a normal sequence of Requsts and Challenges. EAP works that way.
What is wrongwith it?
Nothing
What does "rlm_ldap: user tkiziloren authorized to use remote access" mean?
What it says - that "user tkiziloren" is "authorized to use remote access".
The password is not true how can a user authorized although his/her password is false.
Because there is a difference between authorize (can this user use this service) and authenticate (is this user who he claims to be). Authentication fails with bad password. Ivan Kalik Kalik Informatika ISP
participants (4)
-
Alan DeKok -
tevfik -
Tevfik Kiziloren -
tnt@kalik.co.yu