freeradius + ldap eap-ttls/pap
Alan DeKok
aland at deployingradius.com
Sun Nov 22 16:58:27 CET 2009
Matias wrote:
> I've an Acces Point configured to ask my radius server for
> authentication, this servers uses as a backend an openldap server with
> SSHA passwords on it. I've followed all the manuals and documentation
> I've found and I can't get this to work.
http://deployingradius.com
There is a step-by-step guide to getting EAP to work.
> The problem as far as I can see is related to the outer tunnel, it seems
> that the user "anonymous" cannot be authenticated and everthing ends
> there.
No. The debug log clearly shows what the problem is.
> auth: type "EAP"
> +- entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP NAK
> rlm_eap: NAK asked for unsupported type 21
Type 21 is TTLS.
> rlm_eap: No common EAP types found.
> rlm_eap: Failed in EAP select
> ++[eap] returns invalid
> auth: Failed to validate the user.
You have not configured the server to support TTLS. So... it doesn't
do TTLS.
Alan DeKok.
More information about the Freeradius-Users
mailing list