unable to authenticate

Alan DeKok aland at deployingradius.com
Fri May 23 17:20:33 CEST 2008


David Trinh wrote:
> I would like to test the security feature 802.1x EAP-TLS of our product.
> I set up FreeRadius and used the demo certificates. However, the server
> keeps rejecting access.
> 
> I noticed that the server complains about <no User Password attribute>,
> but the wireless device (supplicant) does not have a place for me to
> enter the password, only the login.

  That's how EAP-TLS works.  There's no password.

  The debugging information says there's no password... because there's
no password.  It's OK.

> So how to I configure FreeRadius to
> ignore the password attribute? Please help.

  You don't.  The problem is elsewhere:

> Here is the log when run in debug mode:
...
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP NAK
>  rlm_eap: NAK asked for bad type 0
>   rlm_eap: Failed in EAP select

  The EAP supplicant you're using doesn't want to do EAP-TLS, and told
the server that there are no EAP types it can use.

  Fix the supplicant to do EAP-TLS.

  Alan DeKok.



More information about the Freeradius-Users mailing list