I have been struggling to get the EAP-TTLS to work.
Johan Nyman
Johan at mediavisiongroup.se
Thu Apr 10 14:13:09 CEST 2008
Hello all,
I have been struggling to get the EAP-TTLS to work.
I have been following this guide:
<http://rbirri.9online.fr/howto/Freeradius_+_TTLS.html>
And I think the setup of all things has gone fine (biggest problem I had was
creating the certificates).
I have tested the connection with "radtest" and the tool "NTRadPing" and
everything seems ok.
However, when I try to connect from my Linux machine using WPA supplicant,
the following errors appear in the Radius server console:
............................................................................
Going to the next request
Waking up in 4.9 seconds.
User-Name = "johan at mediavisiongroup.se"
NAS-IP-Address = 192.168.1.144
Called-Station-Id = "00-20-a6-64-c3-b1:MVG-Personal"
Calling-Station-Id = "00-0f-cb-f9-3b-f9;MVG-Personal"
NAS-Identifier = "MVG-1"
State = 0xdea187e5dea3836d25979821eb25f055
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200060315
Message-Authenticator = 0x80154e870b93b69627ead5a0eee17643
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: Looking up realm "mediavisiongroup.se" for User-Name = "johan at mediavisiongroup.se"
rlm_realm: No such realm "mediavisiongroup.se"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xdea187e5dfa2926d25979821eb25f055
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 48 with timestamp +3
Cleaning up request 1 ID 49 with timestamp +3
Ready to process requests.
............................................................................
The connection conf from the Linux box is (/etc/wpa_supplicant.conf):
network={
    ssid="MVG-Personal"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="johan at mediavisiongroup.se"
    anonymous_identity="anonymous at example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase2="auth=MD5"
}
- I am guessing that the /etc/cert/ca.pem is the "client certification" I
created from the freeradius.
- User and password above (in the file /etc/wpa_supplicant.conf) do exist
and are correct. They match the user and password in the file on the
freeradius "/usr/local/etc/raddb/users".
............................................................................
Also so I understand this, three certificates are needed for EAP-TTLS?
CA = root certificate stored on the freeradius machine
Server = certificate also stored on the freeradius machine
Client = certificate copied to the client trying to connect
And on the client the path in the "wpa_supplicant.conf" to the client
certificate is correct.
In short: the client seems to connect to the freeradius, but I am getting no
IP to the client.
............................................................................
Thanks very much for help!
Best regards,
Johan