TLS authentication works, but does not check usernames against 'users' file.
Andrew Bovill
abovill at gmail.com
Tue Nov 30 17:10:55 CET 2010
On 11/30/2010 11:05 AM, John McDonnell wrote:
>> -----Original Message-----
>> On Behalf Of Andrew Bovill
>>
>> Hi,
>>
>> I'm trying to get WPA Enterprise EAP/TLS working with my wireless
>> router. It appears that the TLS portion of the authentication works
>> (valid certificates give me a working connection) but it does NOT
>> appear
>> to actually be checking the username/password combination that is also
>> sent along the line.
>>
>> I have followed the WPA_HOWTO as best I could (my clients are OS X and
>> Android and Gentoo, not Windows XP) but I can't figure out how to
>> 'fail'
>> an auth attempt with an invalid user/pass combination.
>>
>> Here is the debug output:
>> Thanks for any advice. I didn't want to start reconfiguring with a
>> shotgun :)
>> *snipped*
> IIRC, that is how EAP-TLS works. If the client has a valid certificate, it
> can connect.
>
> Check this previous message that is similar to what I think you are trying
> to do:
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg66246.h
> tml
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cool, I was wondering about that.
It just seems weird that nearly ALL of the suplicants I've used
*require* me to give a username/password (or at least an Identifier +
password) in addition to the unlocked certificate. Maybe a better
question is: What's the point of the username/pass that's also being
sent by the supplicant?
Thanks
--Andrew Bovill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101130/2c8bb91b/attachment.html>
More information about the Freeradius-Users
mailing list