help for using eap and TTLS

David ROUMANET david.roumanet at grenet.fr
Wed Jun 1 15:57:55 CEST 2005


I was having the same message (rlm_eap_tls: Requiring client certificate) 
because there was a mistake in eap.conf.
Look at the "default_eap_type = ttls" line under "eap {" or "tls {" (not sure 
of the right place because I have a similar problem to yours now)

        eap {
                default_eap_type = ttls
                timer_expire     = 60
                ignore_unknown_eap_types = no
                cisco_accounting_username_bug = no

                # Supported EAP-types
                md5 {
                }
                # EAP-TLS
                tls {
                #       default_eap_type = ttls
                        private_key_password = astronomie

EAP-TTLS has two phases: one to establish the tunnel (the server sends its 
certificate), the second to authenticate the client (it sends the encrypted 
username/password)

Hope this helps you (otherwise, contact me directly in French: david.roumanet $ 
grenet.fr)
David

Maurice.Bourguel wrote:

>Hello all,
>	I'm using freeradius-1.0.2 with a Cisco ap1100 access point; I'm
>using eap/ttls to authenticate users. 
>	I try to connect with XP clients or Mac OS X clients; all go wrong.
>	When using the Mac OS X client and 802.1X setup (TTLS authentication alone, 
>with PAP as inner TTLS authentication) the Mac OS X client obtains the two
>certificates: authoritative and server. But it is not connecting. It loops
>on the authentication process.
>
>Here is the trace from /usr/local/sbin/radiusd -X -A:
>
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
> rlm_eap_tls: Requiring client certificate
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 2
>modcall: group authenticate returns handled for request 2
>Sending Access-Challenge of id 127 to 139.124.3.235:21661
>        Framed-MTU = 576
>        Service-Type = Framed-User
>        EAP-Message = 0x010300060d20
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x37a760f21d2a0b8d0fdd492ccd5e7d17
>Finished request 2
>Going to the next request
>--- Walking the entire request list ---
>
>What do these lines mean:
>	rlm_eap_tls: Requiring client certificate
> 	rlm_eap_tls: Start returned 1
>  	modcall[authenticate]: module "eap" returns handled for request 2
>  	
>How should I fix this?
>Any help will be appreciated.
>	
>I have configured freeradius and openssl using these articles:
>	http://www.alphacore.net/spip/article.php3?id_article=45
>	http://www.alphacore.net/spip/article.php3?id_article=33
>	http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html
>
>
>Regards,
>Maurice
>***********************************************************
>* e-mail : bourguel at cirm.univ-mrs.fr                      *
>----------------------------------------------------------
>* Maurice Bourguel               +                        *
>* CIRM - MENRT-CNRS-SMF          +                        *
>* case 916, 163 Avenue de Luminy + tel (33) 04 91 83 30 23*
>* 13288 Marseille Cedex 9        + fax (33) 04 91 83 30 05*
>***********************************************************
>*http://www.cirm.univ-mrs.fr                              *
>***********************************************************
>
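The Access-Challenge in the quoted trace carries EAP-Message = 0x010300060d20. As an added example (not part of either post, and not FreeRADIUS code), the Python below decodes that attribute using the EAP header layout from RFC 3748, which shows which EAP method the server is proposing to the client; the function names are hypothetical and the second value used in checking is constructed.

```python
# Added example: decode one EAP-Message attribute printed by "radiusd -X".
# Header layout per RFC 3748; flag bits per RFC 5216 (EAP-TLS) / RFC 5281 (TTLS).
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}  # methods whose first data byte is a flags field


def decode_eap(hex_value):
    """Parse an EAP-Message hex string such as '0x010300060d20'."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # A large EAP packet is split over several EAP-Message attributes;
    # this helper expects the whole packet in one value and rejects fragments.
    if length != len(raw):
        raise ValueError("EAP length %d != value length %d" % (length, len(raw)))
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        eap_type = raw[4]
        info["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type in TLS_BASED and length > 5:
            flags = raw[5]
            info["flags"] = {"length_included": bool(flags & 0x80),
                             "more_fragments": bool(flags & 0x40),
                             "start": bool(flags & 0x20)}
    return info


def offered_method_matches(hex_value, wanted="EAP-TTLS"):
    """True when a server Request proposes the wanted EAP method."""
    pkt = decode_eap(hex_value)
    return pkt["code"] == "Request" and pkt.get("type") == wanted


if __name__ == "__main__":
    trace_value = "0x010300060d20"  # from the Access-Challenge in the trace
    print(decode_eap(trace_value))
    print("server offers EAP-TTLS:", offered_method_matches(trace_value))
```

For the value in the trace this reports a Request of type 13 (EAP-TLS) with the Start flag set, consistent with the "rlm_eap: processing type tls" line; EAP-TTLS is type 21.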