freeradius + ldap eap-ttls/pap

Matias matiassurdi at gmail.com
Sun Nov 22 17:18:44 CET 2009


Thanks for your help.

I've followed the tutorial at deploying radius.conf, but there I don't 
see any indication on how to enable TTLS. Should it be working out of 
the box?

The only sections I modified from the default config are the radiusd.conf 
to set my ldap parameters and the inner-tunnel config file to 
uncomment the ldap authentication lines.

I understand that ttls is not being enabled in the default virtual host, 
could you provide an example on how to enable it?


Thank you very much for your help and time.


Alan DeKok wrote:
> Matias wrote:
>> I've an Access Point configured to ask my radius server for
>> authentication, this server uses as a backend an openldap server with
>> SSHA passwords on it. I've followed all the manuals and documentation
>> I've found and I can't get this to work.
> 
>   http://deployingradius.com
> 
>   There is a step-by-step guide to getting EAP to work.
> 
>> The problem as far as I can see is related to the outer tunnel, it seems
>> that the user "anonymous" cannot be authenticated and everything ends
>> there. 
> 
>   No.  The debug log clearly shows what the problem is.
> 
> 
>> auth: type "EAP"
>> +- entering group authenticate
>>   rlm_eap: Request found, released from the list
>>   rlm_eap: EAP NAK
>>  rlm_eap: NAK asked for unsupported type 21
> 
>   Type 21 is TTLS.
> 
>>  rlm_eap: No common EAP types found.
>>   rlm_eap: Failed in EAP select
>> ++[eap] returns invalid
>> auth: Failed to validate the user.
> 
>   You have not configured the server to support TTLS.  So... it doesn't
> do TTLS.
> 
>   Alan DeKok.
> 
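
As an added example (not part of the original thread and not FreeRADIUS code): a small Python triage script that reads radiusd debug output like the lines quoted above and reports which EAP method the client requested that the server has not enabled. The type-number table is a subset of the IANA EAP registry; the function name `failed_negotiations` is hypothetical.

```python
import re

# EAP method numbers from the IANA EAP registry (subset common on 802.1X networks).
EAP_TYPES = {4: "MD5-Challenge", 6: "GTC", 13: "TLS", 17: "LEAP",
             21: "TTLS", 25: "PEAP", 26: "MSCHAPv2", 43: "FAST"}

NAK_START = re.compile(r"rlm_eap: EAP NAK\b")
UNSUPPORTED = re.compile(r"rlm_eap: NAK asked for unsupported type (\d+)")
NO_COMMON = re.compile(r"rlm_eap: No common EAP types found")

# Debug lines as quoted in the thread above.
SAMPLE_LOG = """\
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: NAK asked for unsupported type 21
 rlm_eap: No common EAP types found.
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
"""

def failed_negotiations(log_text):
    """Return one entry per EAP NAK that ended with no common method.

    Each entry is a list of (type_number, method_name) pairs that the peer
    asked for and the server reported as unsupported.
    """
    failures, pending = [], []
    for line in log_text.splitlines():
        if NAK_START.search(line):
            pending = []                  # new NAK: forget earlier types
            continue
        m = UNSUPPORTED.search(line)
        if m:
            num = int(m.group(1))
            pending.append((num, EAP_TYPES.get(num, "unknown")))
        elif NO_COMMON.search(line) and pending:
            failures.append(pending)      # negotiation actually failed
            pending = []
    return failures

if __name__ == "__main__":
    for entry in failed_negotiations(SAMPLE_LOG):
        for num, name in entry:
            print(f"peer requested EAP type {num} ({name}); "
                  "not enabled in the server's eap module")
```

An unsupported-type line that is not followed by "No common EAP types found" is not reported, since the rejection in the thread only occurs once no requested method is available.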



