TTLS : where to indicate User/Password ?
Bruno Costacurta
pubmb01 at skynet.be
Mon Dec 4 13:00:54 CET 2006
On Monday 04 December 2006 10:17, Bruno Costacurta wrote:
> On Monday 04 December 2006 06:09, Alan DeKok wrote:
> > Bruno Costacurta wrote:
> > > Hello,
> > > I'm trying to configure FreeRadius using TTLS but got confused about
> > > the User/Password definiton and/or location as it seems that (please
> > > see log hereafter) user is found but not the password.
> > > Currently I indicate it in table radcheck in MySQL.
> >
> > Are you sure? The debug output doesn't seem to say that. Or, you've
> > edited rather a lot of it.
> >
> > > Debug: rad_check_password: Found Auth-Type Local
> > > Debug: auth: type Local
> > > Debug: auth: No User-Password or CHAP-Password attribute in the request
> >
> > So... you forced Auth-Type to Local. Why?
>
> I did not force any Auth-Type to Local (as far as I know...if so where to
> check this ?)
>
> However, accepted the fact User-Password or CHAP-Password are valid with
> TTLS so Auth-Type=Local is acceptable (correct me If I'm wrong)
> where can I indicate these values so the request contain them ?
>
> > > in file 'users'
> > > acer9100 Auth-Type := EAP
> >
> > Why? The comments in eap.conf make it clear that this is wrong.
>
> I tried few options for file 'users' without any change.
> Same if there is no entry at all. So what are valid types here ?
>
> Remark: indeed this EAP option is confusing in file 'users': implemented
> but not to be used ?
>
> Thanks for your attention.
> -Bruno
>
> > Alan DeKok.
> > --
> > http://deployingradius.com - The web site of the book
> > http://deployingradius.com/blog/ - The blog
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
I noticed my previous explanations/questions are maybe cumbersome.
Some clarifications hereafter :
I'm trying to configure FreeRadius using TTLS (certificate on server side
only) and MySQL. Client is a Linux laptop using wpa_supplicant.
I'm in a learning curve regarding 802.1x and FreeRadius and especially TTLS.
Note : however the config was working before Auth-Type and/or MySQL tables
(apparently) were touched (but at least this can valid certain part of the
config like the certificate).
Questions:
- TTLS available authentications are: CHAP,PAP,MS-CHAP,EAP (correct ?)
- 'Auth-Type=local' means CHAP,PAP and MS-CHAP (correct ?)
- for the learning curve :
--- which is the easiest authentications to start with ?
--- MySQL will be removed at the first stage to ease debugging / setup of the
config (good idea ?)
Thanks for attention and remarks,
Bruno
More information about the Freeradius-Users
mailing list