unable to authenticate
Alan DeKok
aland at deployingradius.com
Fri May 23 17:20:33 CEST 2008
David Trinh wrote:
> I would like to test the security feature 802.1x EAP-TLS of our product.
> I set up FreeRadius and used the demo certificates. However, the server
> keeps rejecting access.
>
> I noticed that the server complains about <no User Password attribute>,
> but the wireless device (supplicant) does not have a place for me to
> enter the password, only the login.
That's how EAP-TLS works. There's no password.
The debugging information says there's no password... because there's
no password. It's OK.
> So how to I configure FreeRadius to
> ignore the password attribute? Please help.
You don't. The problem is elsewhere:
> Here is the log when run in debug mode:
...
> rlm_eap: Request found, released from the list
> rlm_eap: EAP NAK
> rlm_eap: NAK asked for bad type 0
> rlm_eap: Failed in EAP select
The EAP supplicant you're using doesn't want to do EAP-TLS, and told
the server that there are no EAP types it can use.
Fix the supplicant to do EAP-TLS.
Alan DeKok.
More information about the Freeradius-Users
mailing list