EAP-PEAP-GTC User-Password never set

Alan DeKok aland at deployingradius.com
Wed Apr 13 06:56:54 CEST 2011


Carl Anderson wrote:
> So far the PEAP tunnel is created without a problem, but when it enters the
> EAP/gtc phase 2 it seems to only populate the User-Name attribute. The
> User-Password, Secret, PIN, and Offset values all expand as empty. As a
> result, phase 2 GTC authentication fails because the gtc module says it
> needs a Cleartext-Password. I feel as though I need to populate those
> attributes somewhere, but I have no idea where... or how exactly to do it.

  Read what you just wrote: the User-Password doesn't exist, and the gtc
module says it needs a Cleartext-Password.

  They're not the same.

  The GTC module requires a Cleartext-Password to authenticate the user,
as the "known good" password.  It doesn't exist, because you're using a
script.

  Your config is looking for a User-Password attribute to pass to the
script.  It doesn't exist becaue you're using GTC.

  In short, what you want to do isn't possible unless you modify the
source code to the server.

  Alan DeKok.



More information about the Freeradius-Users mailing list