having problems with different eap modules

Alan DeKok aland at deployingradius.com
Sun Jul 13 07:53:07 CEST 2008


Sergio wrote:
> why User-Name couldn't be found?

  Because the access point isn't sending it.

> If first match with users file was ok and found DNIe module, radius
> should begin tls handshake.
> Does wpa_supplicant sends identity only in the rist Access-Request? this
> sounds a little strange...

  wpa_supplicant is permitted to behave that way.

> Any "Sauron Eye" which can help me? Thanks

  The EAP module remembers the User-Name from the first session, and
uses it for later sessions.  Unfortunately, you're checking for the
User-Name *before* running the EAP module.  This won't work.

  On top of that, the access point isn't sending the State attribute
back in the later Access-Request.  That is a violation of the RADIUS
specifications.

  Take whatever access point you're using, and throw it in the garbage.
 It doesn't work.  Then, buy one that works.

  Alan DeKok.



More information about the Freeradius-Users mailing list