TTLS : where to indicate User/Password ?

Bruno Costacurta pubmb01 at skynet.be
Mon Dec 4 13:00:54 CET 2006


On Monday 04 December 2006 10:17, Bruno Costacurta wrote:
> On Monday 04 December 2006 06:09, Alan DeKok wrote:
> > Bruno Costacurta wrote:
> > > Hello,
> > > I'm trying to configure FreeRadius using TTLS but got confused about
> > > the User/Password definition and/or location as it seems that (please
> > > see log hereafter) user is found but not the password.
> > > Currently I indicate it in table radcheck in MySQL.
> >
> >   Are you sure?  The debug output doesn't seem to say that.  Or, you've
> > edited rather a lot of it.
> >
> > > Debug:   rad_check_password:  Found Auth-Type Local
> > > Debug: auth: type Local
> > > Debug: auth: No User-Password or CHAP-Password attribute in the request
> >
> >   So... you forced Auth-Type to Local.  Why?
>
> I did not force any Auth-Type to Local (as far as I know...if so where to
> check this ?)
>
> However, accepted the fact User-Password or CHAP-Password are valid with
> TTLS so Auth-Type=Local is acceptable (correct me if I'm wrong)
> where can I indicate these values so the request contains them ?
>
> > > in file 'users'
> > > acer9100     Auth-Type := EAP
> >
> >   Why?  The comments in eap.conf make it clear that this is wrong.
>
> I tried a few options for file 'users' without any change.
> Same if there is no entry at all. So what are valid types here ?
>
> Remark: indeed this EAP option is confusing in file 'users': implemented
> but not to be used ?
>
> Thanks for your attention.
> -Bruno
>
> >   Alan DeKok.
> > --
> >   http://deployingradius.com       - The web site of the book
> >   http://deployingradius.com/blog/ - The blog
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html

I noticed my previous explanations/questions are maybe cumbersome.
Some clarifications hereafter :

I'm trying to configure FreeRadius using TTLS (certificate on server side
only) and MySQL. Client is a Linux laptop using wpa_supplicant.
I'm on a learning curve regarding 802.1x and FreeRadius and especially TTLS.
 
Note : however the config was working before Auth-Type and/or MySQL tables
(apparently) were touched (but at least this can validate certain parts of the
config like the certificate).

Questions:
- TTLS available authentications are: CHAP,PAP,MS-CHAP,EAP (correct ?)
- 'Auth-Type=local' means CHAP,PAP and MS-CHAP (correct ?)
- for the learning curve : 
--- which is the easiest authentication to start with ?
--- MySQL will be removed at the first stage to ease debugging / setup of the 
config (good idea ?)

Thanks for attention and remarks,
Bruno



More information about the Freeradius-Users mailing list