[help] Mikrotik WDS + WPA2-EAP TLS + FreeRadius = failure

Alan DeKok aland at deployingradius.com
Fri Sep 17 11:11:28 CEST 2010

Denis Iskandarov wrote:
> Hello
> I'm trying to do WDS WPA2-EAP TLS authentication of 2 RB600
> Simple WDS AP+station without EAP is working.
> I've already searched forum for related topics. but they didn't help me.

  What supplicant are you using?  i.e.  Windows?  Linux?

> AP bridge security profile and rad. server:
> [admin at RB600_test1] > /radius print

   Please don't post that.  The FAQ and documentation say what is
needed.  Posting more isn't requested, and isn't necessary.

> Here's debug of radius:
> It's says that it can't identify username. what should i write in db
> as username? as i knew EAP-TLS is using certificate authentication
> without usernames and passwords like EAP-TTLS is doing.

  The supplicant is broken.  It's sending an EAP-Identity field with no

> rad_recv: Access-Request packet from host port 41953,
> id=93, length=201
> 	EAP-Message = 0x0200000501

  This is an EAP Identity packet, saying that the identity is empty.

  Make sure that the supplicant send a name in the identity field.

  Alan DeKok.

More information about the Freeradius-Users mailing list