can't get WPA/2 and EAP-TTLS to work
William Bulley
web at umich.edu
Fri Feb 15 18:34:56 CET 2008
According to A.L.M.Buxey at lboro.ac.uk:
>
> from what i can see, rubbish. freeradius as an AAA does not
> ask NAs about their VLANs - dynamic or otherwise! there a re
> few things wonky or wrong.
I didn't think Cisco's VLAN concept was accurate, but I couldn't
expect them to know anything about FreeRADIUS...
> first , what version of FR are you using exactly? i would STRONGLY
> recommend 2.0.2 as 1.1.x (you appear to be 1.1.7 with patches...)
> isnt as configurable.
I have been following that thread on the list here, and am in the
process up upgrading my FreeBSD ports _INCLUDING_ FreeRADIUS, but
the 2.0.2 version is not in the FreeBSD ports tree yet (as of 2/14).
> secondly
>
> > foo User-Password == "password"
>
> foo Cleartext-Password := "password"
>
> (as clearly in the docs)
And just as clearly, I missed that one - yep, thanks.
> > Thu Feb 14 08:41:05 2008 : Debug: rlm_eap_tls: add_reply failed to create attribute MS-MPPE-Recv-Key: Unknown attribute
> > "MS-MPPE-Recv-Key"
> > Thu Feb 14 08:41:05 2008 : Debug: rlm_eap_tls: add_reply failed to create attribute MS-MPPE-Send-Key: Unknown attribute
> > "MS-MPPE-Send-Key"
>
> this aint good. you've got to have these in your TTLS or things arent
> going to work. dictionary files all okay and present and loaded?
> you arent filtering attributes from my quick scan of the config...unless
> you've not copied that part.
I commented out the Micro$loth dictionary since I wasn't using anything
from Redmond in this setup. I will uncomment this and see what happens.
Thanks for all your help.
Regards,
web...
--
William Bulley Email: web at umich.edu
More information about the Freeradius-Users
mailing list