EAP-PEAP GTC auth_type

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Wed Feb 25 12:29:42 CET 2009

Hash: SHA1

I'm pretty sure PEAPv0 does not support GTC as an inner method, and
FreeRADIUS does not support PEAPv1.

Use EAP-TTLS with a GTC/PAP inner.


> tnt at kalik.net wrote:
>>> but using LDAP user with auth_type = PAP in gtc section does not work
>>> #==============================================
>>> Found Auth-Type = EAP
>>> +- entering group authenticate {...}
>>> [eap] Request found, released from the list
>>> [eap] EAP/gtc
>>> [eap] processing type gtc
>>> [gtc] +- entering group PAP {...}
>>> [pap] login attempt with password "<My LDAP password here>"
>> That's not "your LDAP password". That's the password from the
>> User-Password field in the request.
> It was the same as my LDAP password :)
> Reading eap.conf again you're right though, that's the password from the
> User-Password field in the request. Which means that gtc receives the
> password correctly as plain-text.
>>> [pap] No password configured for the user.  Cannot do authentication
>>> ++[pap] returns fail
>>> [eap] Handler failed in EAP/gtc
>>> [eap] Failed in EAP select
>>> ++[eap] returns invalid
>>> Failed to authenticate the user.
>>> Login incorrect: [<My LDAP user here>] (from client <My client name
>>> here> port 0 via TLS tunnel)
>>> #==============================================
>> And where is the part of the debug that shows what ldap did?
> Here's a complete debug log from radius startup tested with radtest,
> with user and pasword masked. This works correctly.
> http://pastebin.com/f11606cc2
> Here's a complete debug log from radius startup tested with wifi client,
> same user and password, same config files. Somehow in this config LDAP
> never got to bind as my user.
> http://pastebin.com/f37aaf2b2
> Regards,
> Fajar
> ------------------------------------------------------------------------
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- --
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Freeradius-Users mailing list